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Letter from the Editor 


October 1999 


Dear Developer Notes Reader: 


Welcome to the October issue of Novell Developer Notes. I would like to welcome all of you who are seeing 
Developer Notes for the first time at the DeveloperNet University Workshops. I hope you will look through 
this issue and see the value of our monthly publication. Please take a look at our sister publication, Novell 
AppNotes, and see what we have to offer there as well. 


Thanks to all of you who participated in our first online readership survey. We are tabulating the results and 
getting ready to analyze them. We will use the results to better meet your needs with Novell Developer Notes. 


This month we cover a variety of topics. Our first article, “The Novell Controls for ActiveX and Visual Basic: 
Searching NDS Field Values,” by Morgan Adair, shows you how to search for specific values in a directory. 
An example program is also provided to illustrate the outlined techniques. 


Next, we have an article from Ann Davis on “Using JNDI and Novell’s NJCL to Access NDS.” This should 
help those of you working with the Novell Java Class Libraries and NDS. Following this we have an article on 
“Using the NetWare Deployment Kit to Upgrade to NetWare 5.” This should help those of you upgrading for 
use or development to the NetWare 5 platform. 


As a follow-up to last month’s articles, Russ Bateman provides the next installment on Novell Kernel Services 
in “Features of the Novell Kernel Services Programming Environment for NLMs: Part Two.” This article 
focuses on the programming concepts in the Novell Kernel Services environment. Look for more articles 
from Russ in the future. 


This month’s issue also includes an article from Novell’s Border Services team. Laura Pan’s “Overview of New 
Features in Border Manager Enterprise Edition 3.5,” describes the new BorderManager Enterprise Edition 
3.5 features and enhancements and shows how to configure them in your enterprise environment. 


We also have a short update on what Novell DeveloperNet University is presenting in their workshops. If you 
are currently attending one of the workshops, use this as a quick overview to the workshops. If you haven't 
signed up yet, this should entice to you to do so immediately. We think you'll agree that the DeveloperNet 
University workshops are a great way to get the development information you need. Richard Smith, Dean of 
DeveloperNet University, and an outstanding presenter, wrote this update article. Hopefully many of you will 
meet Richard during the workshop tour. Check out the workshop ad (in the back of this issue) for dates and 
locations, and visit the Web site at http://developer.novell.com/workshop for the latest information. 


Check out our Web site at http://developer.novell.com/research/devnotes.htm to find out what else we are up 
to. We will cover many of the topics you have requested information on in upcoming issues. Be sure to let us 
know what you think of Novell Developer Notes and DeveloperNet University. Send us feedback via our Web 
sites or E-mail. Look inside our front cover to see how to contact us. 


Until next time, 


Gamal B. Herbon 


Editor-in-Chief 
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OCT OB ER Pe og 


The Novell Controls for ActiveX 
and Visual Basic: Searching NDS 
Field Values 


This article is the fourth in a series on Novell Directory Services (NDS) 
programming using Visual Basic and the Novell Controls for ActiveX. The last 
article (“The Novell Controls for ActiveX and Visual Basic: Reading Field 
Values” in the September 1999 issue of Novell Developer Notes) told how to read 
the value of NDS directory fields. This article tells how to search a directory for 
fields with a particular value (for example, to search for User entries with a 
Surname field of “Schmidt”). As always, I provide an example program to 
illustrate the technique. 


POR ACTIVEX -AND Vis UAL “BeASiive 


Entries, Layouts, and Fields 


In the previous article I talked about the hierarchy of containers in a directory 
(typically, Organizations and Organizational Units). These containers may 
contain entries and other containers. 


Entries are data structures of a specific type or Layout. For example, the layout 
for Printer entries specifies that directory entries that represent printer objects 
will have fields for the name of the print queue(s) that the printer services, the 
name of the print server that manages the printer, and so on. The layout 
specifies the type of data that can be associated with a printer. An instance of a 
Printer object contains data pertaining to a specific printer. 


Each Field also has a data type, called the Field Type. There are four simple 
field types: 

e Boolean 

e Date 

e Long 

e String 

There are also nine predefined structure field types, and it is possible to define 


new structure field types. The predefined structure field types are: 


¢ NWACL. An Access Control List (ACL). An ACL is the key component in 
determining Directory access control. The ACL determines which 
operations a subject entry can perform on another entry. 


e NWEMailAdress. Represents an E-mail address. 
e NWwNetAddress. Represents a network address. 


¢ NW0OctetString. Represents a byte string whose value is not interpreted by 
the Directory 


e NWPath. Represents a file system path. 


¢ NWPostalAddress. Specifies address information for physical delivery of 
postal messages. 


¢ NWStream. A field of binary data that is (ike an NWOctetString) not 
interpreted by the directory. Usually used to store large amounts of data, as 
with graphic or audio files. 


¢ NWTimeStamp. A field that marks the time when an event occurred or will 
occur. 


e NWTypedName. A field that represents a level and in interval associated with 
an entry. 


The documentation for the NWDir control (available on the Web at 
http://developer.novell.com/ndk/doc.htm) has more information about the 
properties of structure field types. 
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Searching a Directory 


In addition to the field type, fields can also be single-valued or multi-valued. For 
example, Group entries have a Member field that is a multi-valued field of type 
String. The Member field contains the full names of User entries that have 
membership in the group. 


The NWDir control has a Search method that searches for entries with a 
specified name and layout. The Search method is declared as: 


object.Search(NameFilter As String, ClassFilter As String, Scope As NWSearchScope, 


StartContext As String, 


{[SearchMode As NWSearchMode] ) a 


6 NOVELL 


CONTROLS 


The table below contains descriptions of each of the Search method’s 
parameters. 


NamefFilter Specifies a comma-delimited list of entry names. The 
asterisk (*) can be used at the end of a name as a 
wildcard character. 

ClassFilter A comma-delimited list of the names of the layouts that are 
to be used in the search. 


Scope Indicates if the scope of the search is constrained to the 
given context (SEARCH_SUBORDINATES), or if it should 
also encompass subordinate containers 
(SEARCH_SUBTREE). 


StartContext The full name of the context where the search is fo start. 


SearchMode Optional. An NWSearchMode constant that specifies if 


the search is done synchronously (using the 
SEARCH_SYNCHRONOUS constant) or asynchronously 
(using the SEARCH_ASYNCHRONOUS constant). If no 
parameter is passed, the search is synchronous. 
The Search method just initiates a search. When the search is completed, the 
NWDir control generates a SearchCompeted event. Since searching a large 
Directory can take several minutes (or more depending on network topology and 
container replication), it is advisable to use the SEARCH_ASYNCHRONOUS 
search mode. When searches are done asynchronously, Search returns 
immediately, and the program can perform other tasks while waiting for the 
search to complete. For example, if your program uses an asynchronous search, 
you could provide a cancel button, so that the user can cancel a search that is 
taking too long. With a synchronous search, program execution is blocked until 
the search completes. 


FOR ACTIVEX AND VISUAL BASIC 


The SearchCompleted event returns an array of strings containing the full name 
of every directory entry that matches the specified search parameters. 
Searching for entries containing a particular field value is therefore a two-step 
process: 


1. Search for entries with the name and layout that you are interested in. For 
example, to search for all User entries, pass “*” in the NameFilter 


parameter, and “User” in the ClassFilter. 


2. Inspect each entry returned by the search method for the field value you 
are interested in. 


Example Program: SearchField 


SearchField allows the user to search Fields in a Directory for a specified string. 
To keep this example simple, we'll only search single-valued string Fields. The 
program starts out by asking the user to select one of the Directories the 
workstation is logged in to, and gives the option to log in to another Directory. 
Since we already created the forms and wrote the code to do that for the 
ReadField program (see “The Novell Controls for ActiveX and Visual Basic: 
Reading Field Values” in the September 1999 issue of Novell Developer Notes), 
we'll reuse those forms in SearchField. After the user has selected a Directory, 
SearchField displays a form that allows the user to select the parameters that 
will be used in the search: 


e The layout of the Entries to be searched (User Entries, Server Entries, etc.). 
e The name of the Field within the Layout that will be searched. 


e The context within the Directory where the search will begin. 


e The string to search for. 
When the user specifies the parameters and clicks on the Search button, 
SearchField finds all Entries that match the specified parameters and displays 


their Full Names in a text box labeled “Search Results.” Figure 1 shows the 
results of a search. 
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Figure 1: SearchField searches for 
User entries with “adair” in the 


Surname field. 
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CiGin TROL S$ 


«. Search for Field Value 


Layout Server 


[MailboxID 
{Mailbox Location 


| 
| Starting context: 
| 


Search Results: [NDS.\\CAMELOT\Image_Testing\madir. adair 
: NDS:\\CAMELOT \image_Testing\ Development\MAdair Adair 


lmage_Testing Foe 


Building SearchField 
To build the SearchField program: 


1. Start Visual Basic and create a new “Standard EXE” project. 
2. Add the Novell Directory and Session controls to your project: 


a. Open the Components dialog by selecting “Components” from the 
Project menu, or by right-clicking the Toolbox and selecting 
“Components” from the pop-up menu. 


b. Scroll down the list of components and check the boxes next to “Novell 
Directory Control” and “Novell Session Control.” 


ec. Click OK. 


The SearchField program consists of 3 forms and one code module. As 
mentioned earlier, two of the forms can be copied from the ReadField program. 


ConnectionsForm, LoginForm, and Module1 


The previous article in this series, “The Novell Controls for ActiveX and Visual 
Basic: Reading Field Values” (September 1999), had instructions for designing 
and writing the associated code for two forms, ConnectionsForm and 
LoginForm, and one code module, Module1. You will need to make one small 
change to each of the two forms, so you should create a new directory for the 
SearchField program and copy ConnectionsForm.frm, LoginForm.frm, and 
Modulel.bas to this new directory. 


FOR ACTIVER AND VISWVAL BASIE 


Figure 2: Designing 
SearchFieldForm. 


After copying the files, do the following: 


1. Add Modulel1 to the project by selecting “Add Module” from the Project 
menu, clicking on the “Existing” tab, and selecting the Module1.bas file that 
you just copied. 


2. Add the forms to the project by selecting “Add Form” from the Project 
menu, clicking on the “Existing” tab, and selecting the 
ConnectionsForm.frm and LoginForm.frm files that you just copied. 


3. For each form, double-click anywhere on the form to open the associated 
code and change the line of code that says 


ReadFieldForm. Show 


to 


SearchFieldForm. Show 


SearchFieldForm 


Once the user has selected a Directory to search, the SearchField program 
displays SearchFieldForm to get the information needed to perform the search. 
You can create SearchFieldForm by following the instructions below. 


Add a new form to your project by selecting “Add Form” from the Project menu 
and clicking the “Open” button with the “Form” icon selected. Resize the form 
and add the components and associated attributes as shown in Figure 2. 
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Next, you need to enter the code associated with the form and each of its 
components. When SearchFieldForm loads, it needs to build a list of Layouts 
that are defined in the Directory the user has selected. It also enters default 
values for the starting context text box. To enter the code that does this, open 
the form’s load procedure by double-clicking anywhere on the form. Enter the 
code shown below: 


Private Sub Form_Load() 
Dim entry As NWLayoutDescription 


' Set session's default context to the selected Directory 
NWSess1.DefaultFullName = NWSessi.DefaultFullNameFromTreeName (DefaultTree) 


'Set the starting context to search as the current 
: context in the selected Directory 
ContextTxt.Text = NWDirl.ContextFromFullName (NWSess1.DefaultFullName) 


‘Get the names of all Layouts in the Directory the user selected 
For Each layoutName In NWDirl.Layouts 

LayoutNamesLst.AddItem layoutName.Name 
Next layoutName 


‘Select the first Layout 
LayoutNamesLst.Selected(0) = True 
End Sub 


SearchFieldForm also needs to build a list of Fields that are associated with the 
Layout that the user selects from the LayoutNamesLst list box. The Form_Load 
procedure also selects a Layout, and when it does it generates a Click event, just 
as if the user had selected the first Layout in the list by clicking on it. So, the 
LayoutNamesLst_Click subroutine can handle either event. Double-click on the 
LayoutNamesLst list box and enter the code below: 


Private Sub LayoutNamesLst_Click() ] 
Dim entry As NWLayoutDescription 
Dim fieldName As Variant 


‘Clear out the current list of Field names 
FieldsLst.Clear 


‘Now put in the names of Fields in the newly-selected Layout 
Set entry = NWDirl.Layouts (LayoutNamesLst.Text) 


For Each fieldName In entry.Fields 
‘But only Fields of type String and SingleValued 
If (fieldName.TypeName = "String") And _ 
(NWDirl.FieldTypes.Item(fieldName.Name) .SingleValued = True) Then 
FieldsLst.Additem fieldName.Name 
End Lt 
Next fieldName 


‘Only enable the Search button if there's a Field in the list to select 
If FieldsLst.ListCount = 0 Then 
SearchBtn.Enabled = False 
Elise 
FieldsLst.Selected(0) = True 
SearchBtn.Enabled = True 
End If — 
End Sub 
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Next, we'll add the code for the two buttons. First, double-click on the Exit 
button and enter the code that will be executed when the user clicks on it: 


Private Sub ExitBtn_Click() 
End 


End Sub 


Double-click on the Search button to open the button's Click subroutine and 
enter the code shown below. This is the code that initiates a search, based on 
the data the user has entered in SearchFieldForm's various controls. 


Private Sub SearchBtn_Click() 
‘Switch to arrow/hourglass cursor while search is running 
‘(asynchronous search returns immediately and triggers 
'SearchCompleted event when search is completed) 
SearchFieldForm.MousePointer = vbArrowHourglass 


‘do the search 

NWDirl.Search "*", LayoutNamesLst.Text, SEARCH SUBTREE, 
NWDirl.FullNameFromTreeAndContext (DefaultTree, ContextTxt.Text), _ 
SEARCH_ASYNCHRONOUS 


End Sub 


We want to do a case-insensitive search, so enter the following line of code in 
the general declarations for SearchFieldForm (select “General” from the object 
list box at the top of SearchFieldForm’s code window). 


Option Compare Text 


When the search is completed, the NWDir control will generate a Search 
Completed event. The handler for this event will look at each entry that the 
Search method has returned and compare the value of the field the user has 
selected with the string the user has provided. Since we’re just doing string 
comparisons, we can use VB’s Like operator, which allows the user to use 
wildcard characters. 


To write the code that handles the SearchCompleted event, select “NWDir1” in 
the object list box at the top of SearchFieldForm’s code window, and 
“SearchCompleted” in the procedure list box. Then enter the code shown 
below. 


Private Sub NWDirl_SearchCompleted(ByVal Results As Variant) 
Dim selectedEntry As NWEntry 
Dim selectedField As String 
Dim numMatches As Integer 
Dim selectedString As Variant 


‘Enable the error handler 
On Error GoTo ErrorHandler 
Err.Clear 


‘Restore the arrow cursor 
SearchFieldForm.MousePointer = vbDefault 
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‘Clear out the Results box 
Results st Text)=' ") 
numMatches = 0 


Tf IsEmpty(Results(0)) Then 
'No matches 
ResultsTxt.Text = "[No matches] " 
Else 
For Each result In Results 
Set selectedEntry = NWDirl.FindEntry(result) 
selectedString = selectedEntry.GetFieldValue(FieldsLst.Text) 
If VarType(selectedString) <> vbEmpty Then 
If selectedString Like FieldValueTxt.Text Then 
ResultsTxt.Text = ResultsTxt Text + result + ": "+ _ 
selectedString + vbCrLf 
numMatches = numMatches + 1 
Bnd If 
End if 
Next result 


‘Display a count of number of matches returned by the search 
ResultsTxt.Text = ResultsTxt.Text + CStr(numMatches) + " Matches" 


End if 
Exit Sub 
ErrorHandler: 
Select Case Err.Number 
Case 13 'Type mismatch 
MsgBox "Type mismatch" 
Case 601 ‘Directory Entry Not Found Error 
MsgBox "Directory Entry " + result + " Not Found" 
Case 603 ‘Directory Field Not Found Error 
ResultsTxt.Text = ResultsTxt.Text + "Field ‘" + FieldsLst.Text _ 
+ "! Not Found in " + result + vbCrLf 
Case Else 
MsgBox "“Unanticipated error: " + Err.Description, vbExclamation 
End Select 


Err.Clear 
Resume Next 
End Sub 


Still Want More? 


Knowing how to search the directory and read field values is all you need to 
write some good, basic NDS applications. For example, it would not be difficult 
to modify the SearchField example to be a simple phone book program. But just 
reading information out of the directory is not enough. Next we'll look at how to 
write information into directory fields. 
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Using JNDI and Novell’s NJCL to 
Access NDS 


If you are a developer who is looking for a good Java way to access and 
administer NDS, the Java Naming and Directory Interface (INDI) combined 
with Novell’s JNDI NDS Provider is an excellent choice. JNDI is a 
directory-independent standard supplied by Sun Microsystems to allow 
programmatic directory access to any directory with JNDI providers. Novell’s 
JNDI NDS provider is included in Novell’s Java Class Libraries (NJCL) and 
offers classes and methods that can be used to implement and extend the 
functionality of JNDI to perform NDS-specific tasks. NJCL includes several 
other NetWare-specific JNDI providers along with the NDS provider; however, 
in this Developer Note we'll discuss only the JNDI NDS provider. Any 
references to NJCL refer only to the JNDI NDS provider portion of NJCL. 


There are a couple of key points to understand before you create your 
JNDI/NJCL programs. One point stems from a question many developers have 
asked: “Can I write a JNDI-only program to access NDS?” The answer is “yes,” 
depending on what task you are attempting. Tasks that are considered 
“directory-independent,” such as listing or searching for objects, can be done 
with JNDI alone. However, if you wish to reference any NDS-specific class 
names or attributes, then you will need to use the JNDI NDS provider included 
in NJCL. 


Another important point to understand is that if you decide to run a JNDI/NJCL 
program on a client system (rather than a NetWare server), you need a 
NetWare client installed on that client system. 


This is not the case if you are using the JNDI LDAP provider. 


All of Novell’s current JNDI providers (except LDAP) use the NetWare client 
libraries to perform their tasks. This will not be the case in the future; in fact, 
there is already an RMI, non-client-dependent version of NJCL available 
pre-release from http://developer.novell.com/ndk under the Leading Edge link. 
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Authenticating 


14 UsiINnG JNDI 


Note: 


Note: 


AND 


With these points in mind, we will discuss how to use JNDI/NJCL to perform 
several basic NDS administrative tasks: logging in to the NDS tree, searching 
the NDS tree, adding a user to the tree, modifying attributes for a user, deleting 
a user, and logging out of the NDS tree. This Developer Note covers each of 
these tasks and the sample code associated with them. 


The import statements and encompassing class definition are not included in the 
following code snippets. They are included in the full sample provided at the end of this 
article. 


By itself, JNDI does not provide any authentication capabilities, so logging in to 
an NDS tree is performed using only NJCL classes and methods. 


Many operations do not require having an authenticated connection to the NDS tree; 
however, the operations our program will perform do require authentication. 


NJCL authentication is performed using existing NetWare authentication 
strategies. When an NJCL program runs on a NetWare client system, it uses the 
Novell Client’s authentication to establish, or provide, a secure connection to 
the NDS tree. When an NJCL program runs on a NetWare server, the 
authentication methods use the Client Requester to establish a secure 
connection. This authentication strategy implies two important points. First, any 
client system where you want to run your program needs to have a NetWare 
Client installed, and then your program will automatically receive all the rights 
provided by the Novell Client. In other words, if your client is already 
authenticated to the NDS tree as a specific user, there is no reason for your 
program to re-authenticate unless you wish it to run as a different user. Second, 
in the server case, the NetWare Server console is not assumed to be an 
authenticated connection. Therefore, anytime you run your program on a 
NetWare server it will have to explicitly authenticate. 


When you actually use the Authenticator.login() method, you can choose to 
have your program display a GUI screen where a user can enter his name, 
context, and password, or you can choose to have your program do a completely 
programmatic, non-interactive login. Our program will do a GUI login that is 
discussed in further detail below. 


NOVELL’ S NIGEL TO Ave @ess NDS 


Below is the part of our program that performs the login task: 


private static void login() 
{ 
System.out.printin("**** Logging in ****"); 
try 
{ 
NdsIdentityScope idenScope = null; 
idenScope = new NdsIdentityScope (adminContext, new NdsIdentityScope (tree, 
new NdsIdentityScope())); 
identity = new NdsIdentity(adminUser, idenScope) ; 
Authenticator.login(identity) ; 
} 
catch(Exception e) 
{ 
System.out.println("login: Exception thrown: " + e.getMessage()); 
e.printStackTrace(); 
System.exit(-1); 
} 


The first line in the “try” defines an instance of the NdsIdentityScope class that 
will hold the scope, or context, of where the login object exists. As shown by the 
second line inside the try, an NdsIdentityScope object is actually constructed by 
“chaining together” other NdsIdentityScope objects. Depending on how deep in 
your NDS tree you are, you have to step up through the successive containers 
until you reach the top level, which is the tree name. In our example, the login 
object exists in the top-level organization of the tree, thus we only have to chain 
together two calls to the NdsIdentityScope constructor. 


Note: The login.java sample code available on the NDK contains a recursive method for 
creating the NdsldentityScope. This recursive method allows you to log in as an object 
that exists anywhere in your tree, regardless of depth. 


The third line in the try creates an NdsIdentity based on the login name and the 
scope. Once we have created an NdslIdentity, we can call the Authenticator.login 
method to authenticate that identity to the tree. This is the point at which you 
would make a modification in order to perform a non-GUI login. To perform a 
non-GUI login, you would need to create an NdsPasswordIdentity rather than 
an Ndsldentity to be passed to the login method. An NdsPasswordIdentity is 
simply an NdslIdentity that includes a password in its private data. 


Searching 


Searching a directory tree is probably one of the most often-performed tasks, 
and much of the search methodology is directory-independent. For this reason, 
we can use the JNDI classes and methods for our search. The only point at 
which any NDS-Provider information comes into our search is when we set up 
the filter based on an NDS-specific object. 


NOWELL DEVELOPER NOTES @ OETORER 1999 15 


Note: |n many cases, it is not necessary to perform a search. A lookup works just as well. The 
DirContext.lookup() method searches for a specific object in a specific context. 
However, if you wish to be able to search on other filters, such as specific attribute 
values, you do have to use DirContext.search(). In this example, we use the search() 
method rather than the lookup() method simply to demonstrate how searching is done. 


Here is the portion of our code that is responsible for the search: 


private static void search() 
{ 
System.out.printin("**** Searching ****"); 
// Set the initial context factory to NDSInitialContextFactory 
Hashtable systemProps = new Hashtable(); 
systemProps.put ( 
Context.INITIAL CONTEXT FACTORY, 
Environment .NDS_ INITIAL CONTEXT FACTORY) ; 
systemProps.put (Context.PROVIDER_URL, tree); 


cry 
{ 
// Set the initial context 
ctx = new InitialDirContext (systemProps) ; 


// See if the user already exists in the user context 
NamingEnumeration sEnum = null; 

// Set up filter 

String filter = "(CN=userName)"; 

// Set up constraints to do single-scope search 
SearchControls constraints = new SearchControls(); 
constraints.setSearchScope (SearchControls.ONELEVEL_SCOPE) ; 
// Search the user context for the name 

sEnum = ctx.search(userContext, filter, constraints) ; 


int count = 0; 

if (sEnum.hasMore() ) 

{ 
System.out.println("Name already exists; choose another name.") ; 
System.exit(-1); 


i 

catch (javax.naming.NamingException e) 

{ 
System.out.println("search: Exception thrown: " + e.getMessage()); 
e.printStackTrace() ; 
System.exit(-1); 


In this sample code, the first thing we do is set up our context. Just because we 
have logged in to the tree does not mean that we have established a DirContext 
from which to perform any tasks. We define our context by specifying that we 
are working with NDS and giving the name of our tree. We must set up a 
context even after logging in because a client may be logged in to more than one 
tree at a time, and authenticating does not automatically create a DirContext for 
you. So, it is in the first line of the try that we actually establish our initial 
context as the root of the tree we specified. This line would throw an exception if 
the specified context could not be found. 
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Creating a User 


The next portion of the try is where we set up the parameters for our search. We 
are searching a specific container in our tree to determine if a specific user (the 
one we will later create) already exists there. So, for the filter, we specify our 
user name. Then, for the constraints, we specify that we want to do a one-level 
search because we are only interested in knowing if our user already exists in a 
specific container. We don’t care if it already exists in some other place in the 
tree. Once we have set up the filter and the constraints, we can perform the 
search, passing in the specific container (relative to our DirContext) that we 
want to search, and getting as a result an enumeration of SearchResult objects. 
It’s at this point that we step through the Search Result objects to determine if 
there are any. If an object of our user name does already exist, we print a 
message and exit the program. 


Creating a user (or any object) in a directory is necessarily a directory-specific 
operation. Different directories contain different types of objects, and specifying 
what type of object we wish to create requires using terms specific to our 
directory. In our case, with NDS, we want to create a user object. Thus, part of 
the code for creating a user will be JNDI code and part will make use of the 
JNDI NDS provider classes and methods. 


Below is the portion of our code that creates a user in NDS: 


private static void createuser() 


{ 


System.out.printin("**** Create new user ****"); 


try 
{ 


Attributes attrs = new BasicAttributes(); 
attrs.put ("Object Class", new NdsCaseIgnoreString("User")); 
attrs.put("Surname", new NdsCaseIgnoreString (surname) ) ; 


ctx.createSubcontext (userName + "." + userContext, attrs); 


} 
catch (Exception e) 


{ 


System.out.printlin("createuser: Exception thrown: " + e.getMessage()); 


e.printStackTrace(); 
System.exit(-1); 


} 


The first line in the try block creates a new instance of the BasicAttributes class, 
and the next two lines place attribute name - attribute value pairs into this 
memory. It is important to note that mandatory attributes must be specified 
before creating a user. Object Class and Surname are the mandatory attributes 
for an NDS User. (Information on mandatory and optional attributes for different 
NDS object types can be found in Novell’s NDS Schema Specification.) It is also 
important to note that when the values for the Object Class and Surname 
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attributes are specified, new instances of the class NdsCaselgnoreString are 
used. Novell’s JNDI NDS provider does not consider the values of NDS 
attributes to be simple strings. In this case, our values are of type 
NdsCaselgnoreString. Values of other attributes may be of other types. This 
information is provided in the Novell’s NJCL documentation for the JNDI NDS 
Provider. 


Once we have set up values for the mandatory attributes, we can actually tell 
NDS to create our new user. This is done with the “createSubcontext()” method 
of DirContext. We pass in as our first parameter the relative distinguished name 
of our user (relative to our current context) and as our second parameter the 
attributes to be associated with our new user. This line will throw an exception if 
for some reason the new user cannot be created. 


Modifying Attribute Values 


{ 


private static void modattrs() 


NdsCaselIgnoreString (surname) ) ; 


NdsTelephoneNumber (telNumber) ) ; 


After we have created a new user, we might wish to modify the values of certain 
attributes of the user or add values for currently unspecified attributes. This is 
done the same way we specified the mandatory attributes for our new user in 
the previous code. 


The code for modifying attribute values for our user is shown below: 


System.out.println("**** Modifying attributes ****"); 
cry 
{ 

// Create the initial ocntext 


String name = userName + "." + userContext; 
Object nameObj = ctx.lookup (name) ; // check that we can get the object 
ModificationItem mods[] = new ModificationItem[2]; 


// Put in surname 
Attribute mod0 = new BasicAttribute("Surname", new 


mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0) ; 
// Put in telephone number 
Attribute modl = new BasicAttribute("Telephe Number", new 


mods[1] = new ModificationItem(DiurContext.ADD_ATTRIBUTE, mod1) ; 
ctx.modifyAttributes (name, mods) ; 

} 

catch (Exception e) 

{ 
System.out.println("modattrs: Exception thrown: " + e.getMessage()); 
e.printStackTrace(); 
System.exit(-1); 
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Deleting a User 


The first non-comment line in the try sets up the complete relative distinguished 
name of the user for which we wish to modify attribute values. The next line 
performs a lookup on this object as a way of checking that we can access the 
object we have specified. 


Next, we set up an instance of the ModificationItem class with space for 2 
modifications, or space for modification of 2 attributes. Each element of a 
ModificationItem array contains two things: a specification of what type of 
modification we wish to do and the new values relating to that modification. The 
new values are stored in an instance of the BasicAttribute class, as shown when 
we set up an instance of the BasicAttribute class for our new value of the 
surname attribute. After we set up our Basic Attribute instance, we can 
construct the first element in our ModificationItem array by specifying as the 
first parameter that we are replacing the attribute in question, and as the second 
parameter BasicAttribute containing the replacement value. Setting up the 
second element of the ModificationItem array follows the same procedure, 
except for two things. First, our new telephone number is an instance of 
NdsTelephoneNumber, not simply a string or even an NdsCaselgnoreString. 
Second, the first parameter of our ModificationItem array element is specified to 
be an ADD_ATTRIBUTE since there is no existing value for the telephone 
number attribute of this object. 


Once we have set up the memory which specifies the modifications we wish to 

make, we use the modifyAttributesQ method of DirContext to tell NDS to make 
the modifications, provided we can access our object and have set up our array 
correctly. If there is any problem in performing the modifications, this line will 

throw an exception. 


Now that we have created and modified attributes for a new user in our tree, we 
delete that user in order to return the tree to its original state. The following 
code shows how to delete a user: 


{ 


try 
{ 


} 


{ 


} 


private static void deleteuser() 


System.out.println("**** Deleting new user ****"); 


ctx.destroySubcontext (userName + "." + userContext) ; 


catch (Exception e) 


System.out.println("deleteuser: Exception thrown: " + e.getMessage()); 
e.printStackTrace(); 
System.exit(-1); 


All that is needed to delete a user is to call the destroySubcontext() method of 
DirContext with the complete relative distinguished name (relative to our 
current context) passed in as a parameter. 
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Logging Out 


Now that we have returned the tree to its original state, we log out of the tree. 


Note: If this program is running on a client, the connection to the tree for this specific user will 
be destroyed. 


The code to log out of the tree is shown below: 


private static void logout () 
{ 
System.out .printiln("**** Logging out ****"); 
try 
{ 
Authenticator. logout (identity) ; 
} 
catch (Exception e) 
{ 
System.out.println("logout: Exception thrown: " + e.getMessage()); 
e.printStackTrace(); 
System.exit(-1); 
Ns 
} 


As with the login, the logout displays a GUI dialog box that requires that you 
click on the OK button to complete the logout. If the identity passed in to the 
logout() method is an NdsPasswordIdentity rather than an Ndsldentity, the 
logout will be performed without showing a GUI and without questioning the 
user for verification. 


Summary 


This program has gone through several simple procedures that are often used, 
in some form, in administering NDS. These procedures can be programmed 
using other languages and API sets, but using Java with JNDI and NJCL 
provides an easy, platform-independent method with a great deal of flexibility. 
Java provides the platform independence, and the standard nature of JNDI 
provides you with the ability to change underlying JNDI providers (to LDAP, for 
instance) without requiring major modifications to your code. JNDI also allows 
you to easily expand your existing JNDI code to use other providers to perform 
other tasks, such as file system or queue management operations. JNDI, 
combined with NJCL, offers a rich set of capabilities to Novell’s Java developers. 
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Complete Code Listing: 


// 
Aa 
// 
Lh 
// 
ree 
// 
tah 
if 
LF 
// 
ae 


Copyright (c) 1999 Novell, Inc. All Rights Reserved. 


THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES. 


USE AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO THE LICENSE AGREEMENT 
ACCOMPANYING THE SOFTWARE DEVELOPMENT KIT (SDK). NOVELL HEREBY GRANTS 

TO DEVELOPER A ROYALTY-FREE, NON-EXCLUSIVE LICENSE TO INCLUDE NOVELL'S 
SAMPLE CODE IN ITS PRODUCT. NOVELL GRANTS DEVELOPER WORLDWIDE 
DISTRIBUTION RIGHTS TO MARKET, DISTRIBUTE, OR SELL NOVELL'S SAMPLE CODE AS 
A COMPONENT OF DEVELOPER'S PRODUCTS. NOVELL SHALL HAVE NO OBLIGATIONS 

TO DEVELOPER OR DEVELOPER'S CUSTOMERS WITH RESPECT TO THIS CODE. 


import java.util.Hashtable; 
import javax.naming.*; 
import javax.naming.directory.*; 


import com.novell.java.security.Authenticator; 
import com.novell.java.security.Identity; 

import com.novell.java.security.IdentityScope; 
import com.novell.service.security.NdsIdentity; 
import com.novell.service.security.NdsIdentityScope; 
import com.novell.service.nds.*; 

import com-novell.utility.naming. Environment; 


public class NdsProg 


{ 


static String tree = "MB"; 

Static String adminUser = "dcbliluser"; 

static String adminContext = "MB"; 

static String userContext = "dcb111.MB"; 

static String userName = "anja"; // Place your name here 

static String surname = "davis"; // Place your surname here 

Static String telNumber = "123-4567"; // Place your telephone number here 


static DirContext ctx; / 
static Identity identity = null; 


th 
// main 
if 
public static void main(String args[]) 
{ 
ayy 
{ 
ndsProg ndsInst = new NdsProg(); 
ndsInst.login(); 
ndsiInst.search() ; 
ndsInst.createuser(); 
ndsInst.modattrs() ; 
ndsInst.deleteuser(); 
ndsInst.logout(); 
System.exit (0); 
} 
catch (Exception e}) 
€ 
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Ay 
kL 
if 


System.out.printin("main: Exception thrown: " + e.getMessage()); 


Login 


private static void login() 


{ 


es 
iil 
ie 


System. out. printla("**** Logging in ****")} 
try 
{ 
NdsIdentityScope idenScope = null; 
idenScope = new NdsIdentityScope(adminContext, 
new NdsIdentityScope(tree, new NdsIdentityScope())); 
identity = new NdsIdentity(adminUser, idenScope) ; 
Authenticator.login(identity) ; 
} 
catch(Exception e) 
{ 
System.out.printlin("login: Exception thrown: " + e.getMessage()); 
e.printStackTrace(); 
System.exit(-1); 


Search 


private static void search() 


{ 


Systemvout .printin("**** Searching ****"); 
// Set the initial context factory to NDSInitialContextFactory 
Hashtable systemProps = new Hashtable(); 
systemProps.put ( 
Context. INITIAL _CONTEXT_FACTORY, 
Environment .NDS_INITIAL_CONTEXT_FACTORY) ; 
systemProps.put (Context.PROVIDER_URL, tree); 


try 
{ 
// Set the initial context 
ctx = new InitialDirContext (systemProps) ; 


// See if the user already exists in the user context 
NamingEnumeration sEnum = null; 

// Set up filter 

String filter = "(CN=” + userName + “)"; 

// Set up constraints to do single-scope search 
SearchControls constraints = new SearchControls(); 
constraints.setSearchScope (SearchControls.ONELEVEL SCOPE) ; 
// Search the user context for the name 

sEnum = ctx.search(userContext, filter, constraints) ; 


ant’ count = 0; 

if..(sEnum.hasMore () ) 

{ 
System.out.println("Name already exists; choose another name."); 
System exTe(=1)5 : J 
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catch (javax.naming.NamingException e) 

{ 
System.out.printin("search: Exception thrown: " + e.getMessage()); 
e.printStackTrace(); 
System.exit(-1); 


3 
} 
Veule 
// createuser 
hf 
private static void createuser() 
{ 
System.out.println("**** Creating new user ****"); 
try 
{ 
Attributes attrs = new BasicAttributes(); 
attrs.put ("Object Class", new NdsCaseIgnoreString("User")); 
attrs.put("Surname", new NdsCaselgnoreString (surname) ) ; 
ctx.createSubcontext (userName + "." + userContext, attrs); 
} 
catch (Exception e) 
{ 
System.out.printin("createuser: Exception thrown: " + e.getMessage()); 
e.printStackTrace(); 
System.exit(-1); 
} 
} 
17 
// modattrs 
if 
private static void modattrs() 
{ 
System.out.println("**** Modifying attributes ****"); 
try 
ic 


// Create the initial context 
String name = userName + "." + userContext; 
Object nameObj = ctx.lookup(name);// check that we can get the object 


ModificationItem mods[] = new ModificationItem[2]; 


// Put in surname 

Attribute modO = new BasicAttribute("Surname", new 
NdsCaselIgnoreString (surname) ) ; 

mods[0] = new ModificationItem(DirContext.REPLACE ATTRIBUTE, mod0) ; 

// Put in telephone number 

Attribute modl = new BasicAttribute("Telephone Number", new 
NdsTelephoneNumber (telNumber) ); 

mods[1] = new ModificationItem(DirContext.REPLACE ATTRIBUTE, modl1); 

ctx.modifyAttributes (name, mods) ; 


r 


} 

catch (Exception e) 

if 
System.out.printin("modattrs: Exception thrown: " + e.getMessage()); 
e.printStackTrace(); 
System.exit(-1); 
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eye 
/7f Logout 
Lf 
private static void logout () 
{ 
Syvstem.ouc.printin("**** Logging out ****"); 
try 
{ 
Authenticator.logout (identity) ; 
} 
catch (Exception e) 
{ 
System.out.println("logout: Exception thrown: " + e.getMessage()); 
e.printStackTrace(); 
System.exit(-1); 
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Note: 


Copyright © 1999 by Novell, Inc. All rights 
reserved. No part of this document may be 
reproduced or transmitted in any form or by 
any means, electronic or mechanical, 
including photocopying and recording, for 
any purpose without the express written 
permission of Novell. 


All product names mentioned are trademarks 
of their respective companies or distributors. 
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Using the NetWare Deployment 
kit to Upgrade to NetWare 5 


If you’re like most information technology (IT) professionals, you’re probably 
under intense pressure to provide a network infrastructure that will move your 
company forward into the E-business economy of the next millennium. The 
good news is that you already have a head start if you are using NetWare 3 or 
NetWare 4. 


Upgrading to NetWare 5 takes you the rest of the way. Although upgrading to a 
major new software release such as NetWare 5 takes time and effort, the 
benefits you'll gain from its advanced capabilities far outweigh the cost of the 
upgrade. In addition, Novell provides many tools and resources to help you 
make the move quickly and smoothly. 


This article describes how to use the NetWare Deployment Kit to upgrade to 
NetWare 5. The Deployment home page is found at: 
hitp://www.novell.com/products/deployment/index.html 


The following documents offer valuable upgrade information: 


¢ Compelling Reasons for Upgrading to NetWare 5 Today 
(http://www. novell.com/products/deployment/decide/compelling.pdf) This 
document (in Adobe Acrobat format) focuses on the business advantages you'll 
enjoy when you upgrade to NetWare 5. It also provides information on Novell 
successes over the past two years, including the numerous awards the company has 
received for NetWare 5 and successes customers have had in upgrading. Finally, it 
provides an overview of the resources Novell provides to make upgrading easy, 
including step-by-step instructions, automated tools, documentation, forms and 
checklists. Note: If the file doesn't open on the first try, come back to this page and 
click the link again. 


e Adjusting Your Aim: Targeting Presentations to Upper Management 
(http://www. novell.com/products/deployment/decide/Adjusting.html) Read this 
document to learn ways to communicate the advantages of NetWare to upper 
management. 
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Installing NetWare 5 


Select the option that’s best for your situation: 


Adding a NetWare 5 server 


To install your first server or add a NetWare 5 server to your existing 
NetWare 3, NetWare 4, or NetWare 5 network, follow the instructions at: 
http://www.novell.com/documentation/|g/nw5/docui/index.hitml#../usserver/ 
setupenu/data/hunnj 280.html 


The installation process includes the following tasks: 


e Meet system and software requirements 

e Prepare the network for a NetWare 5 server 

e Prepare the computer for server installation 

e Begin the installation 

e Select the type of installation and regional settings 
e Select the platform support module and storage adapter 
e Select the storage device and network board 

e Create a NetWare partition and volume Sys 

e Name the NetWare 5 server 

e Install the NetWare 5 server file system 

e Install networking protocols 

e Set the server time zone 

e Setup NDS, Novell’s directory technology 

e License the NetWare 5 server 

e¢ Select other networking products to install 


e Customize your NetWare 5 server installation 


Upgrading from NetWare 4 

Select one of these options: 

Upgrading an existing NetWare 4 server (in place). Ifthe NetWare 4 
server you are upgrading meets the minimum hardware requirements for 


NetWare 5, check this site for instructions: 
http://www.novell.com/products/deployment/server/nw4/4inplace.html 
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Migrating files and data from a NetWare 4 server to a NetWare 5 
server using Novell Upgrade Wizard. If you want to upgrade to 
NetWare 5 but the server does not meet the minimum requirements, you will 
need a new computer. But you can use Novell Upgrade Wizard to automatically 
migrate files and NDS objects (including the server name) from the NetWare 4 
server to a the computer running NetWare 5. Check this site: 
http://www.novell.com/products/deployment/server/nw4/stepguide.html 


Using NetWare 5 Accelerated Upgrade. If you already have at least 
one NetWare 5 server on your network, you can use the NetWare 5 Accelerated 
Upgrade program to easily upgrade your NetWare 4 servers. Using this 
program does not require you to access the server; nor does it require the 
server to have a CD drive. 


Upgrading from NetWare 3 


Select one of the following options: 


Upgrading an existing NetWare 3 server (in place). To use this 
option, your NetWare 3 server must meet the minimum hardware requirements 
for NetWare 5. Check this site: 
http://www.novell.com/products/deployment/server/nw3/3inplace.html 


Migrating files and data from a NetWare 3 server to a NetWare 5 
server using Novell Upgrade Wizard. If you want to upgrade to 
NetWare 5 but the server’s computer hardware does not meet the minimum 
requirements, you will need a new computer. But you can use Novell Upgrade 
Wizard to automatically migrate files and objects from the NetWare 3 server to 
the new computer running NetWare 5. Check this site: 
http://www.novell.com/netware5/upgrade/stepguide.html 


Migrating files and data from a NetWare 3 server using REXXWARE 
Migration Toolkit. If you need to migrate data from a NetWare 3 server to 
a NetWare 5 server, check this site: hitp://www.simware.com/products/rmt/ 


The software and instructions will help you model your NDS tree, define how 
your NetWare 3 data will be converted to NetWare 5 data, and finally migrate 
the data from one or more NetWare 3 servers to your NetWare 5 server. 


Additional Resources: 


e Education Course 529 NetWare 4.11 to NetWare 5 Update—This course 
focuses on introducing, explaining, and comparing significant changes, 
updates, and new features found in NetWare 5. 


e Education Course 570 NetWare 5 Advanced Administration—This course 
provides students with the knowledge and skills they need to design, 
configure and administer a complex NetWare 5 network. 
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Installing Novell Client Workstations 
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NetWare 5 supports several types of client workstations. Select the type of 
computer that will be connected to your NetWare network. 


Windows 95/98 and Windows NT 


There are two options: 


Installing or upgrading only a few clients. For instructions on 
installing or upgrading the Novell Client software, check this site: 
http://www.novell.com/products/deployment/client/cd.html 


Upgrading several clients. If you need to upgrade several clients, you 
can save time by automatically updating your clients using the instructions at 
this site: http://www.novell.com/products/deployment/client/acu.html 


Additional Resources: 


Additional information about installing and configuring Novell Client for 
Windows 95/98 and Windows NT: 
http://www.novell.com/documentation/lg/chent/docui/index.html 


Understanding the Advanced Settings in the Novell Client for Windows 95/98 
—an AppNote published in April 1999: 
http://www.developer.novell.com/research/appnotes/1999/april/a3frame.htm 


DOS and Windows 3.1x 


If you still have computers running DOS or Windows 3.1x, you can still connect 
them to your NetWare network. Select one of these options: 


Installing or upgrading only a few clients. For instructions on 
installing or upgrading the Novell Client software, check this site: 
http://www.novell.com/products/deployment/client/cd.html 


Upgrading several clients. If you need to upgrade several clients, you 
may save time by automatically updating your clients using the instructions at 
this site: http://www.novell.com/products/deployment/client/acu.html 


Additional Resources: 


Additional information about installing and configuring Novell Client for 
Windows 95/98 and Windows NT: 
http://www.novell.com/documentation/lg/client/docui/index.html 


Understanding the Advanced Settings in the Novell Client for Windows 
95/98—an AppNote published in April 1999: 
http://www.developer.novell.com/research/appnotes/1999/april/a3frame.him 
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Apple Macintosh 


You can connect Macintosh computers to your NetWare network by following 
the instructions at this site: http://www. prosofteng.com/NetWare.htm 


Installing Networking Products 


Note: 


Many of the products installed during the server installation/upgrade require 
additional configuration before they can be used. The NetWare Deployment 
Web site (hitp://www.novell.com/products/deployment/products/products.html) 
offers product descriptions and configuration instructions for all of the 
following: 


Novell Distributed Print Services (NDPS) 
LDAP Services for NDS 

Novell Public Key Infrastructure (PKI) 
Novell Internet Access Server 

Storage Management Services 

Novell DNS/DHCP Services 

UNIX Print Services 

GroupWise 

Novell Replication Services 

NetWare NFS 

ManageWise 

Novell BorderManager 

ZENworks Starter Pack 


Netscape FastTrack Server for NetWare 


The products listed above are all Novell products. For information on Novell partner 
products, see Novell Partner Solutions Guide (http://developer.novell.com/npsguide/) 
and NetWare 5 Partner Products (http://www. novell.com/netware5/pproducts. html). 
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Managing NetWare 


For information on the day-to-day management of your NetWare network, see 
the NetWare 5 Online Documentation at: 
httb://www.novell.com/documentation/lg/nw5/docui/index.html#../product/ 
proc_man.html 


For NetWare articles in AppNotes and Developer Notes, check this site: 
http://www.developer.novell.com/research/ 


For tips, tricks, Q&As, and the latest information on GroupWise, ZENworks, 
and NDS, visit the Novell Cool Solutions Communities at: 
http://www.novell.com/coolsolutions/ 


We also recommend the following Novell product Web sites: 
NetWare 5- hittp://www.novell.com/netware5/ 
BorderManager- http://www.novell.com/bordermanager/ 
Group Wise-— hittp://www.novell.com/groupwise/ 
ManageWise-— http://www.novell.com/products/managewise/ 
NDS- http://www.novell.com/products/nds/ 


ZENworks-— hitp://www.novell.com/products/nds/zenworks/ 
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Features of the Novell Kernel 
Services Programming 
Environment for NLMs: Part Two 


This is part two in a series on the programming features and functionality of the 
Novell Kernel Services (NKS) programming environment from the perspective 
of my organization, which is tasked with ensuring that developers have tools 
and technologies at their disposal for writing applications that run as NetWare 
Loadable Modules (NLMs) on NetWare. 


Part one explored the reasons for this recently defined programming 
environment and examined in some detail the various interfaces surfaced by 
NKS.NLM. 


Part two, this article, focuses more closely on the programming concepts in the 
Novell Kernel Services environment including discussions of multi-threaded 
programming correctness, latency, and thread cancellation issues. 


Part three of the series will finish the concepts started in part two by covering 
the remaining programming interfaces for writing NLMs. 


Part four will discuss how LIBC sits atop NKS and make comments about 
programming at both levels. In addition, it will make pertinent remarks about 
differences in programming to LIBC as compared to CLIB. 


In “The Future of Application Development on NetWare with NLMs” (Novell 
Developer Notes, Sept. 1999, p. 27) I explained how the ten-year old CLIB 
programming environment had reached an unfortunate milestone in its attempt 
to continue to support existing NLMs coded to it and at the same time had 
moved forward to embrace support for future multi-threaded programming 
technologies. I also explained the reasons why we plan to freeze CLIB in its 
current state (plus bug fixes) and move ahead with a new environment based on 
Novell Kernel Services (NKS) plus a standard C library environment (LIBC) 
loosely referred to as NKS/LIBC. Part one of this series covered at the 
64,000-foot level the services offered by NKS. Now, we'll expose the concepts 
behind NKS thread programming by discussing thread programming to NKS 
and using synchronization variables in some depth. 
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In any in-depth discussion such as this one, it is useful to establish some 
definitions at the beginning. Since this threads discussion is pointed toward 
NetWare programming and will involve comparison between new NKS 
concepts and older tradition in programming to NetWare, we want to establish 
our definitions on that basis and, where useful, note in passing how the concept 
relates to the article. 


process 


concurrency 


multithreading 


“An instance of a running program.” Process is in use in 
many environments, not just NetWare. In NetWare, 
historically, a process and a thread have been the same 
thing, even as concepts of lighter-weight worker threads 
have arisen. In the end, scheduling differentiates threads 
rather than actual weight in data structure representation. 
The term process has mostly fallen by the wayside. 


“A stream of control that executes instructions 
independently.” In a multi-threaded system, the thread and 
not the process is the basic unit of execution. 


“Data associated with a thread.” This includes its stack, 
registers, any private data area, and all other aspects of 
the thread that fully describe its state to the kernel. 
Moreover, the user state of a thread is also part of its 
context. 


"Privileged execution mode.” Most code written to 
NetWare executes in kernel mode in the form of NLMs, 
sort of kernel extensions. This is partly the source of 
NetWare’s striking performance, but also of its 
programming difficulties. 


“Non-privileged execution mode.” NLMs run in this mode 
when loaded in a protected or ring 3 address space. The 
operating kernel is insulated from anything that code 

running in user mode does leading to the relative stability 
of the operating system and its services. 


“The performing of two or more tasks at the same time.” 
This can occur only when at least two processors are 
present in the hardware. 


"The illusion that two or more tasks are being performed 
in parallel.” Concurrency is created by an operating 
kernel’s support of multiple threads. Concurrency 
becomes parallelism once there are other processors to 
which a second thread can migrate. 


“Programming paradigm in which some tasks are 
accomplished concurrently.” This includes the analysis, 
design, and implementation of a program that splits 
execution into at least two parts that can be concurrently 
executed. 
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multiprocessing “Execution of a program using two or more processors.” 
The existence of a second processor potentially brings 
multi-threaded code in contention for the same resources 
at the same time. 


uniprocessing “Execution of code in a single-processor environment.” 
Until NetWare 4.11, this was the environment in which all 
code executed. 


preemption “Suspension of an executing thread or process on a CPU 
to replace it with another.” Preemption also tests the 
multiprocessing worthiness of code since predicting when 
it will be preempted is usually beyond the code’s ability. 


nonpreemptive “Condition of execution in which the running thread or 
process retains control of the processor until it explicitly or 
implicitly relinquishes it.” This was the case of NetWare 
until 5.0 and then, only of code running in user mode (see 
this term). 


multi-thread-safe also, multiprocessor-safe, “Multithreaded program written 
such that concurrent operations do not contaminate or 
misuse shared data and resources.” This is the correctness 
aspect of implementing a multi-threaded program. If code 
is not multi-thread-safe, it will fail to execute safely in 
environments that include multiple processors or 
preemption. 


funnelling “The act of relocating a thread’s execution from one 
processor to another.” Multiprocessing NetWare, starting 
with 4.11 SMP, provided for funnelling threads in older 
applications to make them safe. Even threads from safe 
applications are funnelled into some residually unsafe 
kernel code. Funnelling is highly inefficient execution and 
can lead to code executing more slowly than if run on a 
uniprocessor machine. 


synchronization In the context of our discussion, this is “the use of special 
variables or objects that protect data and resources with 
advisory locks.” Careful synchronization is part of the 
way multi-thread-safe applications achieve their 
correctness. 


scaling “Code’s ability to take advantage of the addition of more 
processors and achieve incremental increases in 
performance.” This can only be achieved by correctly 
multithreaded coding. The goal for multithread code is to 
achieve their output on one processor multiplied by as 
many processors as are added to the hardware. 


These definitions by themselves say a lot about how NetWare has evolved over 
the years. The main objective facing most application programmers as well as 
Novell engineers is to write (or rewrite) code that is correctly multi-threaded so 
that it scales well. 
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This section discusses the following: thread versus context, context and thread 
creation, thread state, thread yielding, and suspended and blocked threads. 


Thread versus Context 


The first concept in NKS thread programming that merits a strong discussion is 
the difference between a thread and its context. Traditionally in NetWare and in 
other thread-programming models, a thread is closely identified with the data 
structures that make up its context, and the two are inseparable. NKS, however, 
distinguishes between the two for a useful purpose. 


(Incidentally, since underneath NKS lies an operating kernel that can continue 
the traditional associations, the actual implementation of NKS threads proceeds 
along lines predictable on the implementing platform. Thus, on NetWare, when 
an NKS thread is actually running, it is executed using a thread kernel object 
that will appear in the debugger as expected.) 


NKS distinguishes a thread from its context in a way that tempts us to use as 
metaphor a ghost story. Imagine a thread as a sort of life force that can do 
nothing of itself. Imagine also context as a body that such a life force can 
inhabit. A context defines the appearance of a thread by determining where 
the thread starts executing, how much stack it uses, what its per-thread data 
might be, and an almost limitless number of ways to distinguish itself from 
other contexts. 


The thread is a vehicle for execution. Under programmer control, a thread 
comes to pick up and animate a piece of context much as some green gas picks 
up and walks around in bodies from the grave in the Night of the Living Dead. 
Like all metaphors, this one can become absurd, but the point is that contexts 
are pieces of work with a variety of aspects including state while threads are 
what give life (execution) to the context. 


With this metaphor in mind, it will be easy to understand in later discussions 
what properly and permanently belongs to a thread (very little) and what 
belongs to context (practically everything useful to the programmer). Now, that 
I’ve established this, I want to go back on what I’ve said a little bit because by 
default, creating a thread to run a context will bind the two together as tightly as 
has been the habit in the older thread-programming model on NetWare 
because the majority of use is expected to follow that procedure. The utility of 
overstating the distinction of thread and context is in other possibilities that 
their separation make available and which will be discussed here. 
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Context Creation 


Contexts are created much as threads were created in earlier programming 
models on NetWare. A start function, stack size, and other aspects are specified. 


#include <nks/thread.h> 


NxContext_t NAContextAlloc( void (*start._func)( void *arg ), void *arg, int priority, 
NXSize_t stackSize, NXSize_t privDataSize, long flags, int *error ); 


Figure 1: NKS thread/context state 
diagram. 


In the thread- and context state diagram (see Figure 1), this function creates the 
initial state of a context with no thread to run it. 


( NXContextAlloc 


NxXThreadCreate, 
NXThreadCreate, 


NXThread 


Continue 


NXThreadYield 


kernel scheduler NXThreadSuspend 


NXTI hreadExit; NXThread Exity 


NXThreadJoin 


The NKS thread stack cannot be user allocated as is possible when 
programming to CLIB or directly to NetWare. This is by design: It frees the 
programmer from dealing with stack life cycles and enforces better 
programming style. However, the size may be prescribed. The stack allocated 
for it by NKS will be in user-space or in the kernel, depending on the locus of 
execution of the calling NLM. The stack works identically to stacks in any other 
NLM on NetWare in that it can be viewed in the system debugger from ESP 
using d or dd, or using the dds command. 
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Thread Creation 


The thread is created with a context for it to run by calling a different function to 
which the context is passed. 


#include <nks/thread.h> 


int NXThreadCreate (NXContext_t context, long flags, NXThreadId_t *id); 


The thread’s actual runtime (normal or worker thread) state is a function of the 
context. In this article, we will not discuss work-to-dos, but only normal threads. 
The context may have been created with a low, medium or high priority as a 
hint to the kernel scheduler. This priority is ignored when the NLM is 
executing on NetWare because priority isn’t supported. If you are writing NLMs 
that run on NetWare, where NKS is supported, you will need to take this gap 
into account. 


However, initial state of execution of the thread can be specified through the 
flags argument to NXThreadCreate. For example, the thread can be created ina 
suspended state (Nx_THR_SUSPENDED). It can be a detached 
(NX_THR_DETACHED) or a joinable (default) thread. It may be noted through 
these flags that the context run by the thread should (by default) or shouldn’t be 
(NX_THR_DONT_DESTROY_CTX) automatically freed upon termination. 


By default, a thread is considered to be bound to the context passed in 
NXThreadCreate. Again, this is somewhat in opposition to what I set out to say. 
Later, we'll discuss thread swapping and, in another article, work-to-dos where 
the ultimate distinction between thread and context will be an essential one. 


Thread State 
Once a context has been created, thread creation will launch the whole process 


into a series of states controlled by the programmer according to this diagram. 


Except for promotion from the run queue to being the executing thread, each 
state is reached through programmer action. The initial state of a context is 
threadless as noted previously. 


The next state is one of two. If the thread was created with the suspended flag, 
then it will become suspended. By default, threads are created in the run queue 
to run as soon their turn is reached. 


Thread Yielding 


A currently executing thread can relinquish execution explicitly by calling 


#include <nks/thread.h> 


int NXThreadYield( void ); 
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#include <nks/thread.h> 


In NetWare parlance, this means it adds itself back to the end of the run queue, 
permitting other threads to run. Normally, a thread would reach, through a call 
into an I/O function or other blocking service, a point at which it would 
implicitly yield the processor. However, there are a number of reasons a thread 
might explicitly want to give up its turn at executing. One historical reason is 
conformance to the ‘nice guy’ rule of NetWare programming. 


Because NetWare has been nonpreemptive historically, it has been on the 
shoulders of the developer to determine how much work can be accomplished 
without cheating other threads of their turn on the processor. Moreover, Novell 
Labs has had a criterion or threshold of how long any one thread of a certified 
NLM can monopolize the processor. To meet this criterion, developers have 
sprinkled explicit yields in their code. Unfortunately, increases in the speed of 
the processor over the years have led to a situation in which the processor is 
performing more and more context switches per second for NLMs coded this 
way. Context switches are not a measure of true performance, but of how much 
opportunity to work the processor has lost. What took up too much time and 
failed the time-slice test on an Intel 486 is now easily beating that threshold by 
several times on the latest Pentium processors. 


So, what must be done to correct this? In general, you should try not to sprinkle 
yields throughout your code as if using a salt shaker, but in places where it 
makes sense, more, if necessary to pass certification, especially on slower 
processors. We have fixed the underlying yield code in NetWare 5 to measure 
the frequence of yields and do them less often when appropriate. Consequently, 
you must not think that an explicit yield will actually result in being moved to 
the end of the run queue nor should you try to predict when the yield will be 
ignored. The kernel will make this decision. No application should make any 
assumptions about it. 


Suspended and Blocked Threads 


A thread can be created in the suspended state or it can be put in this state using 
the interface 


int NXThreadSuspend( NXThreadId_t thread ); 
int NXThreadContinue( NXThreadId_t thread ); 


The thread itself cannot achieve this directly. This is a big difference with other 
threading models in use on NetWare including CLIB and direct programming 
to legacy NetWare threading primitives. It is widely considered incorrect for a 
thread to suspend itself, so NKS will not permit it. To allow the explicitly 
suspended thread to continue, call the second interface. 
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A thread will become suspended due to its own action by calling a blocking 
function or a synchronization function; for example, it enters this state when it 
contends for a mutex that another thread has already acquired. However, this 
blocking or sleep state (see later comments on mutex), which might have been 
better shown using a different oval in the illustration, isn’t the same thing as 
suspension: a thread blocked on a mutex cannot be continued from that state. 


Joinable Threads and Thread Termination 
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#include <nks/thread.h> 


NKS supports the notion of joinable threads, which is new to NetWare thread 
programming. This notion only applies significantly at thread termination. Prior 
to termination, joinable and nonjoinable (detached) threads are identical. A 
joinable thread waits around after termination so that another thread (which 
itself may or may not be of the joinable variety) can discover its exit status. This 
is a simple synchronization mechanism. 


The state of termination is really more a concept than a usable state. To the 
programmer, it isn’t very meaningful except in the sense that it is a convenient 
notion by which joinability can be explained. Except when joinable, a thread that 
has fallen off its last program brace (}) or has explicitly terminated by calling 
NXThreadExit is gone, and even joinable threads have gone away back to the 
kernel (for threads are kernel objects). What remains in the case of the joinable 
thread is the context and its exit status that can be read by another thread by 
calling the join interface. 


int NXThreadExit( void *status ); 
int NXThreadJoin( NXThreadId_t wait_for, NXThreadId_t *who_died, void *status ); 
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As you saw the interesting thread/context state named zombie in Figure 1, you 
naturally thought I was going to get into my Night of the Living Dead metaphor 
again. This is for the joinable thread that has just been briefly described. This 
name labels very well the final state of a thread that has finished processing: it is 
for all intents and purposes dead since it is not executing, it is not on the run 
queue waiting to execute, and it is not suspended in any useful sense. Instead, it 
is a zombie because it is dead but has not been completely destroyed. 


A joinable thread becomes a zombie when it is ready to terminate but needs to 
communicate its death to another, inspecting thread—as if it must keep 
publishing its obituary until someone reads it before the zombie can go away. 
The concept has long existed in POSIX’ pthreads and the UNIX International (UI) 
thread-programming interfaces, but is, as previously noted, new to NetWare. 
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This operation of reading the obituary or inspecting the thread is called joining. 
By default, NKS threads are created joinable. When a thread is joined, it 
communicates its termination status code (to continue our metaphor: the 
reason why it died) as decided upon by the programmer. If you have ever 
explicitly returned a value from main or by calling exit to communicate the 
success or failure of a program to the shell on UNIX, then you have exercised 
the concept of returning a termination status code. 


It is not necessary to wait for a joinable thread to die before joining it. Perhaps 
this is a little bit ghoulish; it’s like taking out a life insurance policy on a sibling 
with the expectation that he or she will soon die and you want notification as 
soon as it happens. When the thread dies, the joining thread gets the exit status. 
(The join interface goes much further in that if NULL is passed as the identity of 
the thread to be waited on, the function returns the identity and status of the 
next application thread to die.) 


Why is joining useful? A smartly coded application might find resource 
management easier if it knows when its threads die. The other reasons are 
limited only by imagination. For example, since an application must manage its 
own contexts, it may have some difficulty knowing when those contexts may be 
freed. Joining may be a solution (so would refraining from passing the 
don'’t-destroy flag when creating the thread). However, joining a thread for the 
purpose of synchronizing code or data is probably not the best thing to do if it 
means that this mechanism is used to supplant condition variables or other 
synchronization objects that are more efficient at such operations than the 
relatively costly process of creating and terminating threads. 


A joinable thread does not actually have to be joined. The library will clean up all 
unjoined threads at unload. Failure to join a thread in a long-lived application, 
however, will result in loss of memory and other resources. This is discouraged 
as bad practice. Instead, create a detached thread. Detached threads cannot be 
joined and are traditional threads in the NetWare sense. However, they can join 
any joinable threads. The first thread of an application, the one that executes its 
main function, is created by the library as a detached thread. 
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Swapping Contexts between Threads 


Now we get to the point about threads and contexts being separate and distinct. 
If a thread is created with the flag nx_THR_DONT_DESTROY_CTx, this interface is 
used to switch from the context hosted on that thread to a different one, thereby 
achieving a coroutine style of programming. The interface is: 


#include <nks/thread.h> 


int NXThreadSwapContext ( NXContext_t next, NXContext_t *prev ); 


Contexts can thus be scheduled on a pool of threads. If the original context (the 
one on which NXThreadSwap Context was called) is reused by calling this 
function again from another thread, that thread will begin executing where the 
one that abandoned the original context left off since part of the context is the 
processor state. To be clearer, the sequence of events is (read pseudocode of 
first function; follow to second; then return to first): 


[Mikcontexee_t contextl, context2; 


void RunOnContext1( void ) 
{ 
NxXContext_t dummy; 


err = NXThreadSwapContext (context2, &dummy) ; 
...coming back from context 2, continuing on context |... 


} 


void Context2StartFunc( void *arg ) 
{ 
| ... running on context 2+ this is its start function... 
err = NXThreadSwapContext (context2, &context2) ; 
| ...anything after here isn’t executed; as if longjmp were called... 


This is a concept remotely reminiscent of setimp/longjmp. 


40 THE NKS PROGRAMMING ENVIRONMENT FOR NLMS: PART TWO 


Thread-specific Data and Key-value Pairs 


#include <nks/thread.h> 


It is useful to the application to associate data with a specific thread. For 
example, perhaps the thread is performing some service on behalf of a 
registered client. It will save away a connection, a directory path, a credential 
obtained on behalf of that client, etc., for reuse every time it performs an 
operation. In the case of LIBC, it wants to maintain for each thread the notion of 
errno and other “global” variables like the string currently being processed by 
strtok or the time string returned by asctime. So, key-value data pairs are the 
NKS implementation of “per-thread global variables.” 


There are two ways an application can manage and access thread-specific data 
supported by NKS. The first and fastest way is to use the private data area. You 
may have noticed in the prototype to NXContextAlloc, a size argument for this 
purpose. The context’s private data area is allocated, like the stack, by the 
library at the time the context is created. Later, a call to 


void *NXThreadGetPrivate( void ); 


on the part of the thread bound to or animating the context will retrieve a pointer 
to this area. The contents of the area are application defined. By convention, no 
other cooperating application or library (full-blown NetWare applications tend to 
make use of other NLMs) should be using the area since only the creating 
application knows about it—its size and format. There is only one and no 
overloading can be done except by strict cooperation at the coding level. 


Asimple use of this area would be to hold a structure whose type is defined in C. 
Getting a pointer to it permits immediate use of whatever the structure holds. 


The limitations on the private data area make it useless to code that doesn’t 
know about its internal format like libraries since they provide interfaces to 
applications whose data they can know nothing about. Per-thread data has been 
at ill-supported feature at best in CLIB. To overcome the past trouble in 
furnishing a per-thread data area for unpredicted use, NKS innovates on 
NetWare a concept from pthreads called the key-value pair. 


Key-value pairs are like arrays of per-thread data. A key is created—its meaning 
is arbitrary and only understood by its creator—and reserved across all contexts 
in the current NKS virtual machine in which the application runs. We haven’t 
discussed the virtual machine yet (we will do so in part three of this series), but 
in general it can be thought of as the environment in which one and only one 
NKS application runs. This means that migrating threads outside it (a common 
NetWare programming concept) will render the keys useless, and care must be 
taken not to attribute meaning to keys on a context that a helper NLM might 
come to know. But more on this later. 
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A key can be associated with a pointer or a scalar value that is different for each 
context. For example, an application might create a key and associate with it a 
deep error value a la errno that its code sets inside various functions. The 


interfaces for key-value pairs are 


#include <nks/threads.h> 


int NxXKeyCreate( void (*destructor) ( void * ), void *value , int *key); 
int NxXKeyDelete( int key ); 

int NXKeyGetValue( int key, void **value ); 

int NxXKeySetValue( int key, void *value ); 


When a key is created, a function is associated with it that will be called for 
every context when the context is freed. This destructor will be called using the 
current value associated with the key being destroyed. If the data associated 
with the key (the key’s value) has merely been allocated using NXMemAlloc, for 
example, the destructor to be passed might simply be NXMemFree since the 
latter accepts void * as its only argument. A NULL can be passed in place of a 
function pointer for a destructor and should be where the value associated with 
a key is only some integer, as in our simple example. 


Setting and retrieving the values associated with keys are trivial operations. 
Consider the key as an index or subscript into an array: “key 1 is where I keep 
errno, key 2 is where I keep a pointer to my connection structure with the 
remote server name and the path to my client’s configuration file.” Setting an 
integer, enumeration (enum) or other scalar value for a key merely involves 
casting the value to void *. 


NXKeyDelete does not call the destructor function for every context when a key 
is deleted. This is mostly because freeing data that may be in use by other 
threads is too precarious. Consequently, it isn’t a very good idea ever to call this 
function if it can be avoided. Calling it for keys whose destructor does nothing 
or is nil will not result in lost resources, but it may be confusing to other threads 
trying to retrieve data associated with that key and that key will ultimately be 
reused if more keys are created later, resulting in potential confusion as to what 
the key really refers to. 


As already noted, keys are only meaningful within the containing NKS virtual 
machine. Why this is important will be explained later, but it is good to note 
that though libraries might make use of keys on behalf of applications, they 
must be careful if more than one application (and therefore more than one 
virtual machine) is calling. In principal, a library is more interested in the 
virtual machine that a calling thread belongs to than any thread-specific data. 
Hence this warning. The example of errno, strtok, and asctime isn’t construed 
to make you think this is how we actually implemented these interfaces in 
LIBC, but chosen because more suitable examples would not have been so 
easily understood without considerable commentary. 
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Migrating NKS Threads between NLMs 


Migrating threads between NLMs is a long-standing practice on NetWare. It is 
also at the root of many of my own nightmares in the bowels of labs at Novell 
over the years. When I say migrating, I don’t mean a thread calling into and 
coming back out of a function in a library NLM like CLIB that was written to 
support this sort of thing. I mean, instead, that the thread journeys into an NLM 
that periorms extensive work often in partial ignorance of the calling thread and 
in which the thread unwittingly acquires locks or otherwise creates state that, if 
the calling NLM were terminated, would result in anything from lost memory 
resources to a hung server. A series of figures illustrate this later. 


By the way, NetWare allows threads to be killed without bothering about 
locks or providing a competent cancellation mechanism. This is perhaps 
because the evolution in NLM complexity couldn’t have been too clear in 1988 
when the version of NetWare that introduced NLMs was being written. NLMs 
were to be an efficient, dynamic, and comparatively painless way to extend the 
kernel. The new multiprocessor kernel in NetWare 5 and the NKS interfaces 
are meant to endow NetWare with the latest multi-thread technology and 
techniques, but they can only do this if programmers play by the rules. Old 
NLMs and NLMs from nonparticipants are simply going to exhibit these 
dangers (that our up-and-coming platform code-named Modesto has been 
expressly designed to solve). 


Let’s first revist the problem of creating keys in a library NLM. Libraries can 
in fact create keys on behalf of a calling application, and this will work because 
the context on which the call is being made is known to NKS and the key will 
be for that virtual machine/application. But the library must not assume that 
the key it got for one application will have a relation to one it created on behalf 
of another! This must be taken into account and a table set up for each library 
client. This might mean that using keys may be too cumbersome a thing for a 
library to do. 


However, there is a much nastier problem alluded to by mention of an NLM 
holding locks as a result of another calling into it. lf a thread is terminated while 
it holds one or more locks in its own and especially in another NLM, this is a 
catastrophe. [ term this situation—and a whole potential world of problems like 
it—cancellation because killing or unloading an NLM is a process of 
cancellation. 
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Cancellation is the general term for the concept of a thread becoming 
inoperative in some way, usually by suspension or death. Suspending and killing 
threads are useful operations in most applications, but they present a difficult 
situation when it is unknown whether the thread undergoing such treatment 
holds a lock, for if it does, other threads contending for that lock will become 
blocked and the application could crumble in on itself functionally, or, worse 
still, another program calling into an application or library might hang because 
of it. In NetWare, when this hang occurs at unload and involves the 
system-console thread, the console becomes permanently inoperative—a 
catastrophic situation. 


Correctness 


This problem of a thread becoming inoperative while it holds a lock or other 
resource and thereby denies its use from other threads is an important issue for 
NLMs because of the peculiarly free relationships between them, especially in 
kernel mode (ring 0). 


Latency 


Using CLIB, it was possible to suspend a thread by calling SuspendThread (even 
the calling thread could suspend itself), but not to kill it. In NKS, it is possible to 
suspend another thread using NXThreadSuspend, but there is not presently an 
interface to kill it (although it can kill itself). 


Actually, suspending or killing isn’t what such interfaces do. Instead, they mark 
the thread for sleep (suspension) or death, and the marked thread continues on 
until it reaches a cancellation point at which time the library (NKS, which offers 
the cancellation point at the beginning and/or end of most of its interfaces) puts 
it to sleep, and, if required, kills it. The delta between the time this marking 
occurs and when the thread reaches the cancellation point is described as 
latency and is a particular problem. Under certain complex circumstances 
which will be discussed below, latency is an important consideration. 


Suspending and Killing: The NLM Legacy 


The problem of correctness has haunted NLMs and particularly CLIB with 
increasing worry over the years. The introduction of multiprocessing to 
NetWare sent the problem nearly to the number-one spot on the software 
defect hit charts. 


CLIB suspended or killed threads marked for such as soon as they reached the 
next cancellation point. The NetWare OS provided some primitives to regularize 
the state of some resources the thread was holding or blocking like the 
keyboard, awaiting the response of a NetWare Core Protocol (NCP) packet and 
even a crude mechanism for cancelling its hold on a semaphore, the only 
synchronization variable available in original NetWare. However, with the 
advent of multiprocessing, releasing the hold a thread has on semaphores and 
other, more complex synchronization variables becomes difficult to impossible. 
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NKS has chosen to assert less positive control over the situation. Correctness is 
now a burden on the shoulders of the NKS application (and programmer) rather 
than on the library, which cannot hope to do better than CLIB in the delicate 
interplay of NLMs on NetWare. 


NKS offers roughly the same cancellation-point opportunities to callers that 
CLIB did. Most interfaces in NKS that perform complex operations, or are likely 
to block or call through into NetWare or other low-level components, check for 
pending cancellation upon entry, and, to reduce latency, again upon exit. 


An application that only calls into NKS—and one could hardly imagine such an 
application performing much real work—is protected against incorrect behavior 
by the placement of these cancellation points and by library knowledge about 
thread and lock state. For example, when a thread acquires a lock of any sort, it 
is marked against cancellation, so that even though another thread might mark 
it to be suspended or killed, this won’t happen until the thread abandons all 
locks it holds. Thus, the library won’t honor cancellation requests when it 
knows specifically that the situation is unsafe. This increased latency may or 
may not be a problem for the programmer who must deal with it. 


Unfortunately, other NLMs—library or not—do not and cannot take the care 
that NKS exercises in this matter. Guarding against this is the programmer’s 
responsibility. 


As implied, most NKS applications will make calls into foreign components 
under NetWare that may acquire locks or other resources. The NKS library 
cannot be made aware this is happening as will happen on its native Modesto 
platform where the kernel will track them all and make dying threads rewind 
their way back through each virtual machine with appropriate error codes 
(which, one hopes, will be appropriately handled by those components). 
Consequently, acquiring a lock places a responsibility upon the thread 
programmer to avoid getting suspended or killed. This is done by performing 
explicit cancellation control in NetWare using NetWare-specific interfaces that 
are not properly speaking part of the NKS set. 


Illustrations 


The first example (Figure 2) shown is that of an NLM that calls into the library. 
Illustrated are the cancellation points of the many interfaces (cancellation points 
are shown as checked before as well as after the function’s task, another only 
before and still another only after the task). NLM A calls only into the library 
and all of its doings are known, so the programmer need take no special 
precautions with respect to cancellation. If a mutex is acquired by imaginary 
thread,, for example, it will be marked, and should thready call 
NXThreadSuspend (thread,) on it, the suspension won’t actually occur until after 
the first thread has called NXUnlock. 
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Figure 2: Illustration of cancellation 
points in the NKS library. 


In the second example (Figure 3), NLM A calls into NLM B and NLM B calls 
(on A’s thread) into NKS.NLM. This is termed thread migration, and while it is 
one of the phenomena explicitly handled by Modesto’s kernel, no such control 
is to be had on NetWare. NLM B may very well have waited on an acquired a 
mutex or semaphore. Unless the design of NLM A included specific and 
accurate details about NLM B’s behavior and knew for certain that B would not 
acquire a lock, NLM A’s thread could be suspended or killed, leaving resources 
blocked by the call made in B, leaving B in a problematic state because the 
library knows nothing about the lock B acquired and won’t disable cancellation 
for A. If NLM B is some important kernel service, this could have the gravest of 
consequences for more than just NLM A! 


Figure 3: Complex inter-NLM 
relationships. 


The solution to this situation is for NLM A to explicitly mark its thread as 
not-safe-to-cancel by calling nxCancelDisable, deferring cancelling until later. 
When this thread returns to NLM A (returns from the called function in B), then 
nxCancelknable can be called, restoring cancellability to the thread. If the 
thread had been marked for suspension or death by one of its sibling threads in 
NLM A, this could occur the next time a call was effectuated into an interface of 
NKS that offered a cancellation checkpoint. Or, NLM A’s thread could explicitly 
check to see if it was cancelled while in NLM B (and wherever else NLM B took 
it) and allow itself to be cancelled by calling nxCancelCheck. This explicit action 
is called polling. 
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Figure 4: More complex inter-NIM 
relationships. 


Note that this deferral capability only applies to the NKS library. Only NKS 
refuses to stave off suspension or death of an NKS thread that is cancel 
deferred. Other libraries and components won’t be so courteous. Some anguish 
will be left over for the programmer using legacy components and 
nonparticipating NLM libraries. 


Any other code (another NLM as shown in Figure 4) calling into NLM A, if this 
NLM exports interfaces for use by yet other NLMs, must either know 
accurately whether A’s interface will acquire locks or lead the calling thread into 
B or still another adventure in yet another NLM. Code calling NLM A cannot 
assume that because it is an NKS NLM, it is safe unless NLM A (actually, its 
programmer) certifies itself as correct. However, the thread of a foreign, 
non-NKS NLM can call safely into NLM A because NKS.NLM will not (cannot) 
perform cancellation on a foreign thread. 


Summary of Cancellation and Cancellation-Point 
Management 


The solution to the problem of correctness in cancellation is the use of both 
implicit and explicit cancellation points maintained by the library and the 
application through polling. The application has the burden of remaining very 
aware of where its threads may wander and whether they can be 
indiscriminately cancelled. It is recommended that the programmer explicitly 
disable cancellation while in unsure circumstances (calls into foreign NLMs, 
etc.) and reenable it when safe. 
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Synchronization 
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Use of synchronization is the last topic this article treats. Synchronization deals 
with ensuring that data or resource accesses don’t occur at the same instant 
from two or more threads. At first glance, the word seems inappropriate since it 
is generally used to describe setting up events to occur at the same time, but in 
fact, it is not the data accesses that are being set up to occur at the same time, 
but the data access event in one thread with data nonaccess in one or more 
others. Whatever the justification for this term, data sharing is the reason that 
multi-threaded programming is so difficult. 


First, it must be determined whether it is necessary to synchronize access to 
data. This is an object of program design. Some memory locations will be 
read-only from the beginning or after program initialization and won’t need 
synchronization. Other locations must be preserved against more than one 
thread frequently writing to them at the same time. In between, there are data 
that are changed only infrequently. NKS synchronization variables provide for 
the extreme cases and cases in between. 


Originally, the only synchronization primitive that existed in NetWare was the 
semaphore. NKS exposes a variety of other primitives because they are 
available from the new NetWare 5 multiprocessing kernel or because, in the 
case of 4.11, they have been implemented atop the legacy semaphore object. 


Synchronization Variables Advisory 


Following is a short exposé on each synchronization variable that NKS 
furnishes. These locks are advisory only. This means that if a lock is set up to 
control access to a piece of data, the actual access of the targeted resource isn’t 
magically prohibited until the lock is acquired. File-locking schemes are often 
integrated into the file I/O interfaces in such a way as to prohibit access to a 
byte range that has been locked by another entity, but with synchronization 
variables such as these, nothing in the library or the operating system will 
actually impede access to the protected data. This means that synchronization is 
a little like a game of “Simon says.” If the programmer forgets and accesses the 
data in code somewhere without having first acquired the lock, there is nothing 
in the compiler, linker, loader, library, or operating system to stop the access 
and the data may become corrupted. 


Mutex 


Mutually exclusive locks (or mutexes) serialize access to a shared state by 
assuring a single, exclusive owner. 


#include <nks/synch.h> 


NXMutex_t *NXMutexAlloc( NXHierarchy_t order, NXLockInfo_t *info ); 


void NXMutexFree( NXMutex_t *mutex ); 
void NXLock( NXMutex_t *mutex ); 
void NxXUnock( NXMutex=t’ mutex”); 
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Mutexes perform complete serialization to a resource, allowing access by only 
one thread at a time. They have in past times also been called sleep locks 
because their implementation acts to put to sleep (NXThreadSuspend) any 
thread contending unsuccessfully for a lock. All threads contending for a mutex 
are placed on a sleep queue and awakened one by one with acquisition of the 
mutex. Acquiring a mutex is construed to mean that the resource protected by it 
can now be manipulated by the owning (acquiring) thread. 


An example of a resource that might be protected by a mutex is the linked list. If 
a linked list is highly dynamic, that is, if it is frequently changed, and if the 
changes are performed by more than one thread potentially, then a mutex 
might be a good way to serialize access to it. 


With the notion of thread priority comes the implicit concept of priority in the 
mutex acquisition sleep queue. In other words, if a high priority thread is 
contesting a mutex with other, lower-priority threads, the latter should be 
positioned to acquire the mutex first. Unfortunately, this isn’t yet implemented 
on NetWare, and, in the meantime, isn’t even an advertised feature in NKS. But 
it may become one someday; the NKS documentation for thread and lock 
priority should be consulted. 


The mutex is the cheapest of all NKS synchronization variables in terms of 
overhead, work to acquire, etc. Other variables exist for clever purposes, but the 
implementor should prove their preference over the mutex because of their 
relatively higher cost. A good idea would be to make the choice of variable part 
of the implementation design document for the locking code to be written and 
then to update that document if and when after profiling, it is determined that a 
different variable type proves superior. 


Read-Write Lock 


Some resources don’t change very frequently and so there is a special twist on 
the mutex called the read-write lock. Read-write locks are sort of mutexes that 
permit any number of readers to acquire, but when write acquisition is 
requested and obtained, no readers can acquire for the duration of the write 
lock. Because they are a bit more costly in their implementation than mutexes, 
they are not to be preferred over mutexes without a) determining the ratio of 
potential write requests to read requests and b) profiling the actual result to 
verify that the correct lock choice was made. 


All aspects of the mutex except for the one just discussed apply to read-write 
locks. 


#include <nks/synch.h> 


NXRwLock_t*NXRwLockAlloc( NXHierarchy_t order, NXLockInfo_t *info ); 


void NXRwLockFree( NXRwLock_t *lock ); 
void RdLock( NXRwLock_t *lock ); 

void WrLock( NXRwLock_t *lock ); 

void RwUnlock( NXRwLock_t *lock ); 
esis 
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Semaphore 


The semaphore is a counting lock that permits up to a certain number of 
threads to “acquire” it. The number of threads permitted to hold a semaphore at 
any given time is given as the first argument to NXSemaAlloc. The concept of 
semaphore as a synchronization variable originated with a Dutch 
mathematician, Dijkstra. 


A real-world illustration might best describe the semaphore’s use. Imagine a 
railroad segment with one set of rails only. Rail traffic can proceed up and down 
the tracks, but only in one direction at a time. In fact, in the early days of the 
railroad, there was a track adornment called a semaphore that displayed the 
current direction of traffic on the track. As long as it indicated that traffic was 
flowing in the direction a new train was going, that train could venture out onto 
the tracks without worrying about a head-on collision. 


In software terms, the head-on collision to be feared is data corruption or the 
reading of potentially incomplete or corrupt data. One example might be a 
licensing check system that permits a database (a file descriptor, perhaps) to be 
in use by users. Each potential user as represented by a thread would attempt 
to acquire use of the semaphore by waiting on it. Once one “legal” thread 
posted its end of use, the next thread waiting would gain access to the database. 


#include <nks/synch.h> 


NXSema_t *NXSemaAlloc( unsigned int count, void *arg ); 
void NxXSemaFree( NXSema_t *sema ); 


void NxXSemaPost ( 


NXSema_t *sema ); 


void NXSemaWait( NXSema_t *sema ); 
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Condition Variable 


The condition variable is a sort of mixed synchronization primitive, like a cross 
between a mutex and a semaphore, and is good for check-pointing complex 
situations especially where threads are permitted to access a resource based on 
a change in some condition. As long as the condition is expressible in C, then it 
can be used to implement a condition variable. The condition variable uses a 
mutex to implement the sleeping point for the threads that must not access the 
protected resource. 
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An example of a complex situation to which the condition variable is adapted is 
the implementation of a producer-consumer or work-crew component where a 
number of threads are producing work (up to a certain amount) that consuming 
threads use without either type getting too far ahead or behind. An example of 
just such a component, coded in NKS, can be found in the SDK sample code. 


#include <nks/synch.h> 


int NXCondAlloc( void *arg ); 

int NXCondFree( NXCond_t *cond ); 

void NXCondSignal( NxXCond_t * cond ); 

void NXCondBroadcast ( NXCond_t *cond ); 

int NXCondWait( NXCond_t *cond, NXMutex_t *mutex ); 


Additional Synchronization Interfaces 


There are other interfaces beyond these. For each type of variable, for instance, 
there is a function that will perform the initialization of the variable as a part of a 
programmer-defined structure so that the lock doesn’t have to be subject to so 
much allocation overhead. These are the init- and deinit functions listed in the 
documentation (and cited in the first article in this series). 


For some locks, a calling thread can determine whether or not it is the owner of 
a lock, useful since none of the locks are guaranteed to behave well recursively. 
In addition, there are “try” functions for most locks. These attempt to acquire a 
lock, but don’t block if it cannot be acquired. If the lock can be acquired, it is, 
and, if not, these interfaces return a value to that effect. 


This interface can be useful to avoid deadlock, a notion elaborated below. Still 
other interfaces have a notion of timeout associated with them. A special 
interface permits a timed wait to acquire a lock and if the lock cannot be 
acquired before the timer expires, then the function returns an error. These two 
incantations on the locking mechanisms should be used sparingly and not as a 
remedy for bad lock design. 


Dangers of Synchronization Variable Use 


The use of synchronization variables creates a host of corner cases for their use. 
These corner cases lie in the area of blocking and cancellation, leading to 
deadlocks. An example of a deadlock is when one thread holds a resource lock 
(A) it needs to update and is waiting on another resource (lock B) that a different 
thread has already locked, and, for some reason, cannot abandon because it can’t 
finish its work. If the work of the second thread includes gaining access to lock A 
held by the first, then the deadlock is labeled a classic ABBA. The first thread 
has A and waits on B while the second thread has B and is waiting on A. 
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There are a number of ways to avoid deadlocks. The first and best is to design 
a hierarchy of lock acquisition into the implementation restricting access to 
hierarchical locking to a sequence or policy that is identical for all threads. 
NKS has been designed to help prototype and prove such policies via a 
debugging mechanism in its mutex and read-write lock interfaces. As of 
summer 1999, no implementation had yet been accomplished, but it is 
expected to happen before the NetWare 6 Pack time frame. Nevertheless, this 
will be a compile-time debugging feature to help find policy infractions; it 
won’t actually prevent them from happening. 


The second way to avoid deadlocking is to use try-lock interfaces to test for 
availability, but such an approach is costly, wasteful, and potentially sloppy. In 
our ABBA case, if we acquire A and check for B, we must release A if B cannot be 
acquired, in order to avoid the deadlock. Consequently, an access loop must be 
set up. There are situations in which a perfect hierarchical lock acquisition policy 
cannot be set up or must be violated. Try-locking is useful in these situations. 


The most serious corner cases for NetWare remain those of inter-NLM 
blocking and the problem of cancellation already explored. If a thread winds its 
way through “unknown” code in some NLM ignorantly acquiring a lock and 
then is cancelled by unloading or suspending, the NLM owning the locking 
code could be damaged in its ability to access an important resource. As NLM 
shut-down code is run through by the system console thread in the case of an 
unload request from the command line, the console risks becoming useless if it 
can’t get the NLM down due to one of its threads hanging on a 
mutex—something that will happen if the thread that acquired the mutex was 
killed while still holding it. 


In the end, the cardinal rule is that no thread must exit while holding any lock. 
Program architecture should be designed specifically to avoid this, just as it is 
important to solve all the other problems in the way of the task the application 
is to solve. 


Sample Code 


We have written some example code for common operations in NKS and 
published this code with the individual NKS function documentation on the web 
in the SDK. The URL is http://developer.novell.com/ndak. 
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Conclusion 


These are the thread and synchronization interfaces that make up Novell Kernel 
Services (NKS) on all platforms to which it has been ported, but with details 
specific to NetWare programming. Nevertheless, most of the details covered 
hold for all platforms. The next installment of this article undertakes to cover 
the concepts of programming to the remainder of the library. The fourth and 
last in the series will talk about the relationship between NKS and LIBC, which 
sits atop the former, and the differences in programming to LIBC and NKS, 
making relevant comments about and comparisons to programming to CLIB. 
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Overview of New Features in 
BorderManager Enterprise 


Edition 3.5 


BorderManager Enterprise Edition 3.5 provides the following new features not 
included in BorderManager Enterprise Edition 3 or BorderManager 2.1: 


e A Login Policy object (LPO) in NDS for centralized administration of 
authentication for VPN users, proxy users, SOCKS 5 clients, and 
BorderManager Authentication Services (RADIUS) clients. 


e Support for ActivCard, Inc. token authentication that includes the ability to 
manage and store Novell/ActivCard smart card assignments in NDS for 
VPN users, proxy users, SOCKS 5 clients, and RADIUS clients. 


e Interoperability with Security Dynamics, Inc. (SDI) ACE/Server for SecurID 
token authentication of VPN users, HTTP proxy users, SOCKS 5 clients, and 
RADIUS clients. 


e Proxy support for Real Time Streaming Protocol (RTSP) which is used to 
efficiently stream multimedia content over IP networks. 


e Built-in transparent Telnet proxy. 


e Support of LAN and broadband access for both Windows 95/98 and 
Windows NT 4.0 VPN clients using a cable modem or Digital Subscriber 
Line (DSL) to access the Internet. 
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Login Policy Object 


BorderManager Enterprise Edition 3.5 also provides the following 
enhancements to improve the functionality and ease-of-use of the software: 


¢ Improved installation to allow selective installation of all or some of the 
BorderManager Enterprise Edition services on a single server (or across 
multiple servers). 


° Capability to enable from NetWare Administrator all the BorderManager 
alerts or just the ones of interest. 


¢ Text-based logs and log file configuration files for IP packet filtering. 
¢ VPN client support for Windows NT 4.0 clients. 
e VPN client phone book capability. 


e Single sign-on for FTP and Telnet users. 


This Developer Note describes the new BorderManager Enterprise Edition 3.5 
features and enhancements and how to configure them in your enterprise 
environment. 


Prior to the release of BorderManager Enterprise Edition 3.5, authentication 
rules for users of BorderManager Authentication Services were configured for 
Dial Access System (DAS) objects in NDS. A user could dial in to a remote 
access server only if an administrator assigned an authentication rule for the 
user at the DAS object representing the server in NDS. If a user dialed in 
through multiple remote access servers, the administrator was required to 
create an authentication rule at each DAS object representing those servers. 
The Login Policy object (LPO) enables an administrator to define authentication 
rules for users as part of a policy that can be accessed by multiple servers. The 
function of the LPO has also been extended to the authentication of Virtual 
Private Network (VPN) clients, proxy users, and SOCKS 5 clients. 


The following is now true for BorderManager authentication: 


¢ Only one LPO is allowed per NDS tree. It is created in the Security container 
at the root of tree. 


¢ Authentication rules and policies are defined and stored in NDS at the LPO 
and are globally managed with NetWare Administrator. 


¢ Amodule called the Authentication Device Manager (ADM) running on 
each BorderManager server is responsible for processing all authentication 
requests and checking the LPO authentication rules for each 
BorderManager service enabled on the server. 


¢ Ifan LPO is not defined, the ADM cannot process authentication requests 
and access to BorderManager services requiring authentication is denied. 


¢ A BorderManager server that does not have a local NDS replica cannot 
access the LPO unless it is a trustee of the LPO with Read rights to the SAS: 
Policy Credentials attribute explicitly assigned. 
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Creating a Login Policy Object 


To create a Login Policy Object (LPO) in your NDS tree, do the following from 
NetWare Administrator (you must be logged in as Admin or another user with 
administrative rights to the root of the NDS tree): 


1. 
2. 


3. 


Under [Root], right-click the Security object and select Create. 


Double-click Login Policy and click Create. (You are warned that you must 
define at least one rule for each BorderManager service. See the next 
section for the procedure.) 


Click OK to view the Login Policy details page. 


Creating Login Policy Rules 


When you create a Login Policy authentication rule, you can specify the 
following: 


Service Type—Which BorderManager service the rule applies to (VPN, 
SOCKS, Proxy, or a DAS object name for Authentication Services) 


User List—Which NDS users the rule applies to (User, Container, or Group 
objects) 


Methods—Which authentication methods the rule will enforce 
Method Enforcement—How the rule is to be enforced 


Method Restrictions—Whether to limit the number of grace logins 


To create a Login Policy authentication rule, do the following from NetWare 


Administrator: 

1. Ifyou just created your Login Policy object (LPO), the Login Policy page is 
automatically displayed. Otherwise, right-click the LPO and select Details. 

2. Click Rules > Add. 

3. Select Predefined to specify VPN, SOCKS, or Proxy service types, or select 
Object name and browse to select a DAS object (for BorderManager 
Authentication Services). 

4. Click User List > Add to add the User, Container, or Group objects whose 
authentication will be enforced by the authentication rule. 

5. Click Methods > Add to configure the Login Method options. 

6. Click OK. 


Figure 1 shows the Login Method configuration window. 
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Figure 1: The Configure Login 
Method Window. 


Note: 


4) Configure Login Method 


The Method Types are defined as follows: 


© Object name. Although this method type has the same identifier as one of the 
service types, they are completely different objects. The object name for 
Service Type represents a DAS object. The object name for Method Type 
represents a Login Method Container. A Login Method Container holds the 
Authentication Device objects (tokens) from a particular vendor. See the 
next section for more information about tokens. 


e NDS password. This method type requires the user to enter an NDS 
password when authenticating. 


e Dial access password. This method type requires the user to enter a dial 
access (RADIUS) password separate from the NDS password. The password 
is exchanged using the Password Authentication Protocol (PAP). 


e Dial access password. This method type requires the user to enter a dial 
access (RADIUS) password separate from the NDS password. The 
password is exchanged using the Challenge Handshake Authentication 
Protocol (CHAP). 


e Any user-defined device. This method enables token-based authentication 
using tokens from multiple vendors. See the next section for more 
information about tokens. 


Dial access passwords are valid only with BorderManager Authentication Services. 
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The Method Enforcement options are defined as follows: 


¢ Mandatory. This option enforces the Login Method at all times. 


¢ Required if assigned. This option enforces the Login Method only if the user 
has an assigned token. 


¢ Acceptable. This option accepts the Login Method as one of multiple 
methods that are available. 


Not all Method Types and Method Enforcement options are available to all 
Service Types. Further, the ability to decrement grace logins for VPN clients 
is not applicable. Refer to Table 1 for the Login Method options available for 
each service type. 


Table 1: Login method options available for each service type. 


Method Types Method Enforcement Method Restrictions 


VPN (Predefined) Object name (Login Method 
Container for tokens) 
Any user-defined device 


Mandatory 
Required if assigned 
Acceptable 


Not applicable 


SOCKS (Predefined) | Object name (Login Method 
Container for tokens) 
NDS password 


Any user defined device 


Mandatory 
Acceptable 


Decrement grace logins 


Proxy (Predefined) Object name (Login Method 
Container for tokens) 
NDS password 


Any user-defined device 


Mandatory 
Acceptable 


Decrement grace logins 


Object Name (DAS 
object) 


Object name (Login Method 
Container for tokens) 
NDS password 

Dial access password 
Dial access password 
(CHAP} 

Any user-defined device 


Mandatory 
Acceptable 


Decrement grace logins 


Note: Although NDS password does not appear as an available method type for VPN client 
authentication, if token-based authentication is used to authenticate a VPN client, the 
user must provide both a token password and an NDS password during login. NDS 
password is listed as the default Method Type with Prerequisite listed for Method 
Enforcement. 
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Figure 2: Order of authentication 
rules. 


Note: 


All authentication rules defined by the LPO are stored in a single list regardless 
of which services they apply to. However, the first rule in the list that applies to 
an authentication request is used. If there are two rules for proxy authentication 
and a user’s authentication request succeeds based on the first rule, the 
subsequent rule does not apply. After a rule matches, rules sequentially lower in 
the list are not considered. (This is similar to how BorderManager access 
control rules are executed.) 


For example, as shown in Figure 2, if a user has been assigned an ActivCard 
token, it is an acceptable authentication method (1st method in list). If the user 
has been assigned a token from another vendor, the user must login with a 
token (2nd method in list). Finally, if the user has not been assigned a token, 
the user must authenticate using an NDS password (rd method in list). 


4 Login Rule Configuration 


Acceptable 
Any user-assigned device Required if assigned 
NDS password Mandatory 


Although both are stored in NDS, authentication rules and BorderManager access 
control rules have a different function. For example, a proxy user may have an access 
control rule granting access to Web content and a separate authentication rule 
specifying the authentication method. If the user fails to authenticate using the method 
specified by the authentication rule, access is denied, even though the BorderManager 
access control rule grants access. 
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Assigning Trustee Rights to BorderManager Servers 


1. 
2. 
3. 


Figure 3: Granting LPO Trustee 
Rights to servers without an NDS 
replica. 


without a Local NDS Replica 


A BorderManager server with a local Read/Write or Read-Only NDS replica 
can automatically access the authentication rules defined by the LPO. 
However, a BorderManager server that does not have a local NDS replica 
cannot access the authentication rules. You must make the server a trustee 
of the LPO. See Figure 3. 


To make the server a trustee of the LPO, do the following in NetWare 
Administrator: 


Select the LPO located in the Security container at the root of your NDS tree. 
Select Object > Trustees of this Object. 
Select Add Trustee. 


Browse for and select the Server object representing the 
BorderManager server. 


Deselect all object rights. 

Click Selected Properties. 

Scroll down and select the SAS: Policy Credentials attribute. 
Under Property Rights, click Read. 

Click OK. 


Security 
SJF-TPUBS3. toubs-border3 


SAS:Allow NDS Passwon 


‘olicy Credentials 
1SA4S:Policy Methods : 
SAS:Policy Object Versio 
{SAS:Policy Service Subty 
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Token-Based Authentication 


BorderManager Enterprise Edition 3.5 supports token-based authentication for 
VPN, SOCKS, Proxy, and remote access clients. 


Token-based authentication is an example of two-factor authentication. In 
contrast to password authentication, which relies solely on the use of a 
single password, two-factor authentication incorporates a personal 
identification number (PIN) in addition to a hardware or software token 
device. Smart cards (credit-card-sized devices that are preprogrammed with 
unique passwords) are an example of hardware tokens. Software tokens are 
generated by software installed on a computer. After being activated by a 
user entering a PIN, a software token provides a unique password for 
authentication. Because of the additional requirement of token generation, 
two-factor authentication is more secure than password authentication and is 
often referred to as strong authentication. 


There are two methods for token authentication. The asynchronous (or 
challenge/response) method requires that the server send the token device an 
encrypted message. The token device uses a preset algorithm and shared secret 
to decrypt the message and respond with the correct password encrypted with 
the shared secret. The synchronous method requires that the server and the 
token device simultaneously calculate a challenge message using parameters 
from a time counter or login event counter, or both. If the calculated messages 
match, the authentication is successful. 


How Tokens are Stored in NDS 


BorderManager Enterprise Edition 3.5 natively supports Novell/ActivCard 
tokens. A special container in NDS stores information about these tokens. 


Novell/ActivCard tokens must be initialized (or imported) for storage in NDS 
and assigned to users before token authentication can occur. Initialization of 
smart card tokens involves attaching a hardware token programming device to 
a serial port on the administrative workstation and inserting the smart card to 
be initialized into this device. This is known as local initialization. During 
initialization of Novell/ActivCard tokens, you use NetWare Administrator to 
specify the type of device (smart card), a profile, a language, the serial port 
(COM1 or COM2), and an initial PIN. Novell/ActivCard devices support 
English, Finnish, French, Norwegian, Spanish, and Swedish. 


You can also perform what is known as a manual initialization. With manual 
token initialization, you use NetWare Administrator to generate and display a 
secret code for the token. You then manually enter the code into the token 
programming device so the smart card uses the same code. 


Novell/ActivCard smart cards that have been pre-initialized at the factory can 
also be used. In this case, you must use NetWare Administrator to import the 
device image files from a disk into NDS. The tokens must be assigned to users 
before they can be used for authentication. 
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Note: 


NEw 


If your network users are already equipped to use SDI SecurlD tokens in conjunction with 
an ACE/Server, the BorderManager Enterprise Edition 3.5 software can forward 
authentication requests to an ACE/Server when a BorderManager service requires a 
user to authenticate. However, unlike ActivCard tokens, information about SecurlD 
tokens is not stored in NDS. 


To better understand how to manage both ActivCard and SecurID token 
authentication for BorderManager services, consider the objects that are 
created in NDS: 


e Authentication Device objects 
e ActivCard Containers 


e External Login Service objects 


Authentication Device Objects 


An Authentication Device object stores information about a single token in 
NDS. Each token that is initialized or imported results in the creation of a 
unique Authentication Device object in NDS. 


ActivCard Containers 


BorderManager Enterprise Edition 3.5 natively supports Novell/ActivCard 
One, Novell/ActivCard Plus, and Novell/ActivCard Gold smart card tokens. A 
new class of object called ActivCard Container stores the Authentication 
Device objects created from the initialization or import of ActivCard tokens. 
The ActivCard Container is created in the Security container under [Root] in 
your NDS tree. 


External Login Service Objects 


BorderManager Enterprise Edition 3.5 provides interoperability for SecurID 
token authentication through a Security Dynamics, Inc. (SDI) ACE/Server. 
ACE/Server network security software runs on UNIX and Windows NT 
platforms. When the BorderManager receives a request for SecurID token 
authentication, it uses the RADIUS protocol to forward that authentication 
request to an ACE/Server. The ACE/Server can be an internal server residing 
on the same network as the BorderManager server, or it can be an external 
server on a public network. 


To support SecurID token authentication, you must create an External Login 
Service object in the Security container under [Root] in your NDS tree. The 
External Login Service object stores details about the primary and 
secondary IP addresses of the ACE/Server and the primary and secondary 
shared secrets for RADIUS. These fields must be configured before users 
can authenticate using SecurID tokens. 
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RTSP Proxy 


Managing Tokens with NetWare Administrator 


In summary, you can use NetWare Administrator to 


¢ Create ActivCard Container and External Login Service objects 
e Initialize tokens 

e Import token device files 

e Assign tokens to users 

e Enable and disable tokens 

e Test token passwords 


e Synchronize tokens (If you are using synchronous token authentication and 
the counters on the server and a token device become out-of-sync, you can 
use NetWare Administrator to synchronize the token with the server.) 


e Unlock tokens (For security purposes, a token is typically locked after a user 
enters a series of incorrect PINs. The locked token cannot be used until an 
administrator unlocks it.) 


BorderManager Enterprise Edition 3 enabled clients using Real Players to 
connect to RealAudio servers through the RealAudio proxy. Because 
requests were fulfilled through the RealAudio proxy, private hosts were 
essentially hidden from the public network. However, a limitation was that 
the RealAudio proxy did not support Real Time Streaming Protocol (RTSP). 
RTSP controls multiple data delivery sessions that are multicast to clients. 
Therefore, any UDP, TCP, IP, or IP Multicast application that required RTSP 
could not connect through the RealAudio proxy. BorderManager Enterprise 
Edition 3.5 extends the RealAudio proxy to support connections to servers 
using RTSP. To enable this feature using NetWare Administrator, check the 
RealAudio and RTSP Proxies check box within the Application Proxy tab on 
the BorderManager Setup page. 
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Transparent Telnet Proxy 


BorderManager Enterprise Edition 3 did not have a built-in Telnet application 
proxy. However, you could create a Telnet proxy by configuring the Generic 
TCP proxy or the Generic UDP proxy. However, one difficulty with using a 
generic Telnet proxy was that each Telnet session had to be configured to 
connect to the specific IP address representing the Telnet proxy. 
BorderManager Enterprise Edition 3.5 now has a built-in transparent Telnet 
proxy that enables users to seamlessly connect to the Telnet proxy without 
requiring that each session be configured to point to the proxy server. The 
function of the transparent Telnet proxy is similar to that of the transparent 
HTTP proxy. To enable this feature using NetWare Administrator, check the 
Transparent Telnet Proxy check box within the Transparent Proxy tab on the 
BorderManager Setup page. Double-click Transparent Telnet Proxy to specify 
the connection ports for Telnet sessions that are to be monitored and redirected 
to the Telnet proxy. You also have an option to specify the IP addresses of 
Telnet servers for which you want redirection to be disabled. 


VPN LAN Client Software 


OVERVIEW OF 


When you install the VPN client software you have the option to select the 
Dial-Up VPN Login check box, the LAN VPN Login check box, or both. The 
installation program automatically creates shortcuts on your desktop 
corresponding to these login options. If you install both the Dial-Up VPN 
Login and the LAN VPN Login options, two different shortcuts are created 
on your desktop. 


Logging in using the VPN LAN Login option is very similar to logging in 
using Dial-Up Login option except the VPN LAN Login option does not 
require the following: 


e Configuration of a dial-up entry name (created by double-clicking the Make 
New Connection icon) 


¢ Configuration of the server type (Novell Virtual Private Network) for the 
dial-up entry 


e Entry of the dial-up username and password during login 


e Entry of a RADIUS domain for authentication by a RADIUS proxy server. 


Figure 4 shows what is required for login using the VPN LAN Login option. 
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Figure 4: Fields required by the VPN 
LAN Login Option. 


P| Novell ¥PN Login = | x! 


Novell BorderManager VPN Client 


tpubs-border3 


30.57.82.113 


Note: The NetWare Options and the information shown under VPN Status for VPN LAN Login 
are the same as those for VPN Dial-Up Login. 


Additional BorderManager Enhancements 


This section briefly describes other BorderManager Enterprise Edition 3.5 
software enhancements. 


Improved Installation 


The BorderManager Enterprise Edition 3 software required that you install 
all the software components as part of an integrated installation. The 
installation program copied all the firewall/caching NLMs on servers even if 
you wanted to set up a VPN only. The BorderManager Enterprise Edition 3.5 
software now provides check boxes to select which services to install. You 
can select to install BorderManager Firewall/Caching Services, 
BorderManager VPN Services, or BorderManager Authentication Services 
individually, or select to install all three. 


NOVELL DEVELOPER NOTES *© OCTOBER 1999 65 


66 


OVERVIEW OF 


Note: 


NEW 


Flexible Alert Notification 


BorderManager Alert sends an e-mail message when certain server events 
occur, such as a disk space shortage or a TCP/IP SYN packet flood. However, 
when BorderManager Alert was enabled for the BorderManager Enterprise 
Edition 3 software it was an all-or-none event. Only the entire set of alerts could 
be enabled or disabled. The BorderManager Enterprise Edition 3.5 software 
now provides the capability to enable all of the alerts or a subset of them. To 
select the alerts during setup, you can check the check boxes in NetWare 
Administrator corresponding to the following alerts: 


e Disk space shortage 

e Loading of security sensitive NLM 
e ECB shortage 

e License error 

e Oversized Ping packet 

e SYN packet flooding 

e Oversized UDP packet 

e JCP parent down 

¢ SOCKS server down 

e POP3 or SMTP server down 


Text-Based IP Packet Filter Logs 


BorderManager Enterprise Edition 3 packet filter logging relied on the Btrieve 
database. Some drawbacks to using the Btrieve database included the 
requirement that IPX be supported on your network, the slow performance of 
Btrieve, and the inconvenience of using CSAUDIT to access and manage the log 
files. The BorderManager Enterprise Edition 3.5 software now provides 
text-based logging for IP packets. You can view the log files with any text editor. 
In addition, the log configuration file is a text file. You can specify the archiving, 
rollover, and size of the log files by editing parameters in the log configuration file. 


IPX packet filter logs still rely on Btrieve and have not been converted to text-based logs. 
With BorderManager Enterprise Edition 3.5, you can no longer view or export IP or IPX 
packet filter logs from NetWare Administrator. 


VPN Support for Windows NT 4.0 Clients 


BorderManager Enterprise Edition 3.5 now supports VPN connectivity from 
Windows NT 4.0 clients. Windows NT 4.0 clients can now access a VPN 
server using either a dial-up or LAN connection. See the previous VPN 
LAN client software section in this article for more information about VPN 
LAN connections. 
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Conclusion 


Note: 


Editor’s Note: 


VPN Client Phone Book Capability 


The phone book capability enables clients to easily dial in to an ISP by selecting 
a phone number from a pre-configured or custom phone book. Because the 
VPN client can use any phone book created by Microsoft Connection Manager, 
the VPN client can access any phone books distributed by ISPs as long as they 
were created in that format. Phone books that are not created in that format can 
be converted using the VPN client software. 


When the phone book capability is selected, phone books located on the 
workstation are listed in the Phone Book drop-down menu. 


Single Sign-On for FTP 


BorderManager Enterprise Edition 3 supported single sign-on for the HTTP 
proxy and Novell IP Gateway through the use of the CLNTRUST.EXE and 
DWNTRUST.EXE modules on Windows 95/98 and Windows NT 4.0 clients. 
BorderManager Enterprise Edition 3.5 extends single sign-on to the FTP proxy. 
If a user is already authenticated to one of these proxies or the Novell IP 
Gateway, use of another proxy does not require the user to log in again. The 
additional authentication occurs in the background and is seamless to the user. 


With BorderManager Enterprise Edition 3.5, only the synchronous method can be used 
to authenticate tokens used by VPN, proxy, or SOCKS clients. However, BorderManager 
Authentication Services supports both synchronous and asynchronous methods. 


The IP packet filter logs are stored in the SYS:ETC\LOGS\IPPKTLOG directory. The log 
configuration file is located in the SYS:ETC and is named IPPKTLOG.CFG. 


This Developer Note has described the new features and enhancements in 
BorderManager Enterprise Edition 3.5. Refer to the online NetWare 
Administrator Help, the product documentation, and the Readme for specific 
configuration procedures. 


The BorderManager Enterprise Edition 3.5 documentation is located at: 
http://www.novell.com/documentation/Ig/bmee3.5/docui/index.html 


The BorderManager Enterprise Edition 3.5 Readme and updates to the Readme 
are located at: http://support.novell.com/cgi-bin/search/tidfinder.cgi?2952460 
and http://support.novell.com/cgi-bin/search/tidfinder.cgi?295 1388 


For more information about configuring BorderManager Enterprise Edition 3.5 
servers to operate with third-party authentication servers, refer to 
http://support.novell.com/cgi-bin/search/tidfinder.cgi?2952863. 


Laura Pan’s book, Novell’s BorderManager Administrator’s Handbook, is a 
task-oriented guide that provides instructions for installing, monitoring, and 
troubleshooting BorderManager. See the Novell Press home page for more information: 
http://www. novell.com/books. 
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Novell Developer Workshop 
Tour 799 


NDS, LDAP, NetWare 5, and Java are rich environments for developers, 
consultants, and integrators. The Novell Developer Workshop Tour ’99 is 
designed to help you get code written faster and better—and get a better 
product out the door. 


This is a great opportunity to interact with Novell personnel and receive 
intensive entry- to intermediate-level training on products from Novell and key 
partners. You'll learn how to make the most of the Novell Developer Kit, and 
you'll receive training on new developer technologies such as NDS 8, LDAP, 
NetWare 5, IBM WebSphere Application Server for NetWare, Oracle for 
NetWare, and Pervasive SQL. 


The following topics are planned for coverage during the Workshops. Please 


refer to the Workshop Web site at http://developer.novell.com/workshop for the 
latest details of schedule and content. 


WORK SEH OrP T'O.URR “eg 


Track 1 


NDS Development with LDAP 


As Novell moves to open standards based access to the Directory, LDAP will 
play a more important role in development. This session will provide you with 
the basics of using LDAP and how LDAP can be used to access NDS. 


Possible topics: 


e History of LDAP and NDAP 

¢ How LDAP and NDAP come together 
e Setup and configure the LDAP server 
e Using the LDAP APIs 


For more information: 
NDS—hittp://developer.novell.com/nds 
NDS downloads—http://developer.novell.com/ndk/nds.htm 


LDAP—hitp://developer.novell.com/nds/ndsldap.htm 


NDS Task Examples in C with LDAP 


Actual task-based coding examples of some of the more important tasks 
performed when creating NDS-aware applications. These tasks examples can be 
used as a basis for and or part of your own applications. 


Possible topics: 


e Creating Authenticated connection 

e Reading Attribute values 

e Searching Attribute values 

e Reading/Writing Stream Attribute values 

e Creating NDS Objects 

e Writing Attribute values from NDS Objects 


For more information: 


“DeveloperNet University’s NDS 102: Using C and LDAP,” Novell Developer 
Notes, March, 1999, p. 12. 
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NDS Development—Extending the Schema 


An often confusing area of NDS development, Schema extensions will be 
clarified by this session. Not only will you learn how to extend the schema, but 
more importantly you will learn why and even why not to extend the schema. 
Overviews of the various tools available and how their use fits into development 
will also be covered. 


Possible topics: 


e Overview of the Schema 
e Schema extension tools 
e ConsoleOne 

e Using LDAP APIs 

e Root DSE 


For more information: 
“Schema Enhancements for NDS 8,” Novell Developer Notes, June, 1999, p. 35. 
“Designing NDS Schema Enhancements,” Novell Developer Notes, July, 1999, p. 4. 


“Extending the NDS Schema with DSAPIs,” Novell Developer Notes, July, 1999, 
pi 55. 


“SCHMAP: NDS Schema Extension and LDAP-to-NDS Mapping Utility,” Novell 
Developer Notes, September, 1999, p. 41. 


NDS Data Migration 


Now that you have decided to use NDS, what do you do with all of your existing 
data that fits into the Directory. This session will provide you with an overview 
of tools and techniques for migrating existing data to NDS. Also covered will be 
emerging technologies and how standards play into the Directory. 


Possible topics: 


e Using LDIF files 
e DirXML 


e Tools demos 


For more information: 


“SCHMIG: Schema Migration Utility,” Novell Developer Notes, September, 1999, 
pol: 


WORKSHOP Tour "99 


Track 2 


NDS Development with ActiveX/ODBC 


Learn to use the Novell Controls for ActiveX to speed your development. 
ActiveX controls hide the complexities of the underlying technologies and allow 
developers to concentrate on the usability and user interface of an application. 
The Novell Controls wrap up a significant number of the APIs for accessing 
NDS and allow for rapid application development. You will also see actual task 
examples of the use of the controls to solve a number of basic NDS functions. 
The ODBC driver for NDS allows you to read data from NDS. With this tool you 
can create reports and display your NDS data in whatever manner you need. 


Possible topics: 


e Using the Novell ActiveX Controls 
e Using the ODBC Driver for NDS 
e NDS Task Examples with ActiveX 


For More Information: 


“Programming with the Novell Controls for ActiveX and Visual Basic: Getting 
Started,” Novell Developer Notes, June, 1999, p. 4. 


“The Novell Controls for ActiveX and Visual Basic: Logging In,” Novell 
Developer Notes, July, 1999, p. 43. 


“The Novell Controls for ActiveX and Visual Basic: Searching NDS Field 
Values” (this issue) 


NetWare Programming in C 


For more information: 
hitp://developer.novell.com/ndk 


NDS Development with Java 


Java is becoming the development environment of choice for Internet/Intranet 
applications. This session will provide code-level examples of the various ways 
to access NDS using Java as your programming language. Real-world examples 
of Java code can be used in your development to add NDS access. 


Possible topics: 


e Using the Directory JavaBean 
e Using JNDI 
e Using JDAP 
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For more information: 


Novell Java FAQ—Attp://developer.novell.com/dev_resources/faq/javafaq.htm 
Java Runtime Environment—Attp://developer.novell.com/ndk/jre115i.htm 


“Configuring JavaBeans for Novell Services,” Novell Developer Notes, June, 1999, 
p. 12. 


“Using JNDI and Novell’s NJCL to Access NDS” (this issue) 


WebSphere and WebSphere Studio 


Partnering closely with IBM, Novell is bringing WebSphere to the NetWare 
platform. Leverage the very robust application server functionality of 
WebSphere to create Internet/Intranet/E-Commerce applications. Along with 
WebSphere, Novell plans to provide WebSphere Studio Entry Level with the fall 
Cobra release. Together this powerful package allows you to build servlets and 
Java Server Pages. 


For more information: 
WebSphere—http://www.software.ibm.com/webservers 


Developing to Novell’s Single Sign-On 


Oracle Track 


Are you working with Oracle? The rapid growth in Oracle deployments on 
NetWare has contributed to the business ecosystem of customers, developers, 
solutions, and service providers that has evolved along with the success of the 
NetWare 5 platform and NDS. Learn how to plan and create multi-tier 
applications that leverage Oracle databases through NDS and LDAP. 


The following sessions are planned: 


e Introduction to Oracle for NetWare 

e Application Development with Java and Oracle8i 

e Developing CORBA Applications with Oracle8i 

e Developing Web Applications and Web Sites with Oracle WebDB 
e¢ Oracle and XML—A Technical Overview 


72 Novett DEVELOPER WORKSHOP TOUR ‘99 


For more information: 

Oracle—http://www.oracle.com 

Oracle and Java—http://www.oracle.com/java 

Novell CORBA downloads—http://developer.novell.com/ndk/corbaprog.htm 
Oracle Internet Platform—hitp://www.oracle.com/iplatform.com 


WebDB—hittp://www.oracle.com/tools/webdb/index.html 


Pervasive.SQL Lunch and Learn 


Do you have a Btreive application? Pervasive Software has dramatically 
improved the functionality and performance of Btrieve with its Pervasive.SQL 
product. Learn about the advantages of upgrading to the current Btrieve 
database technology on NetWare 5 and discover other Pervasive products 
designed for developers that radically simplify the development process. 


For more information: 


Pervasive SQL—Attp://www.everyware.com/products/sql 
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This installment of Code Break contains the following sections: 


What’s New: Learning Opportunity for Developers 

Tech Tips: Help with NDPS develo er omponents. 
The Java Scene: Java and You 
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AS” for Developers 
Novell Developer Workshops Set to Tour the World 


he Novell 
Workshop tour is coming 


Developer 


soon to a city near 

you. The workshops give 
software developers all over the 
world the chance to learn 
from the experts about topics 
LDAP 
NetWare 5, Oracle integration, 


such as solutions, 


and much more. 


Novell Developer Workshops are 
intended specifically for develop- 
ers, administrators, and consul- 
tants involved in design, coding, 
and implementation of client 
/server database and Internet- 
based applications on NetWare, 
Windows NT/2000, UNIX, IBM, 
Solaris, and Linux platforms. 
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Directory-based Solutions 
Training 


Seven workshop sessions will 
focus on helping developers get 
the most out of NDS using LDAP: 
e NDS Development with LDAP 


e NDS Task Examples in C with 
LDAP 


e NDS Development: Extending 
the Schema 


¢ NDS Data Migration: Tools and 
Techniques 


e NDS’ Development’ with 
ActiveX/ODBC 


e NDS Development with Java 


¢ Developing to Novell’s Single 
Sign-on 
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NetWare Training Sessions 


Other workshop sessions focus on 
NetWare and its capabilities: 


e NetWare Programming in C 
¢ WebSphere on NetWare 


e¢ Developing to WebSphere 


More Workshop Benefits 


Attendees will also walk away 
from these workshops with the 
Novell Developer Kit and a beta 
version of the upcoming release 
of NetWare code-named “Cobra.” 
The Cobra release of NetWare 
will integrate many Web- 
enabling technologies, including 
a 5-user version of Oracle8i and 
Oracle WebDB for Web-enabling 
SQL databases, and Netscape 
Enterprise Server for enterprise- 
class Web server capabilities. 


How to Sign Up 


The workshops are free for 
DeveloperNet members, includ- 
ing those who have enrolled in 
the no-cost electronic member- 
ship. Otherwise, the cost is $249 
for the one-day workshops and 
$349 for two-day workshops. But 
the workshops do fill up quickly, 
and Novell is encouraging people 
to sign up for the workshops 
as soon as possible. You can 
check out the schedule and regis- 
ter right over the Web at 
http: / /www.developer.novell.com/ 
workshop. 


1CodeBreak 


x 


Tips ) 


OD = 
Novell and America KE 
Online Team Up Sos 101000101010100101101101010010101000101010010100101010100101010101001010 
ConsoleOne 


AOL Instant Messenger to Integrate 
with NDS 


Novell and America Online have announced an 
agreement to further accelerate the deployment of 
the AOL Instant Messenger (AIM) application 
within the rapidly growing business and enterprise 
markets. Under the agreement, Novell will inte- 
grate AIM with its full-service Novell Directory 
Services (NDS), used to manage and control user 
access to applications and other resources on busi- 
ness networks. The installed base of 80 million 
Novell users will gain the ability to establish poli- 
cies for corporate access controls and encryption of 
business communications, accelerating efforts to 
expand AIM’s reach into the enterprise market and 
enhance business productivity for users. 


Y2K Readiness Made Easier 


ZENworks and Check 2000 Take the Bite Out 
of Y2K Bugs 


Check 2000 is a Y2K assessment tool from 
Greenwich Mean Time that identifies potential 
Year 2000-related issues at the desktop, and then 
recommends appropriate fixes. The application 
checks PCs on all five levels of Y2K preparedness. 
Novell’s ZENworks, which ships with a five-user 
version of Check 2000 (additional licenses can be 
purchased separately from Novell), is the only 
directory-enabled desktop management solution on 
the market. ZENworks reduces costly maintenance 
and troubleshooting tasks by automating software 
distribution and desktop configurations, and let- 
ting network administrators monitor and repair 
PCs from a central location. Together, the two 
products provide a powerful solution that helps 
businesses assess their networks for Year 2000 
issues, apply appropriate fixes, and deploy Year 
2000-ready products. 
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Questions answered by Allen Carter, Ken M 
avis, and Jill Pelavin, Novell; . 
tgomery, Netoria; and Marla Bonar, 


Q. I have created a snapin and I have been testing it on 
sample objects and now I need to test it on “live 
data.” I am using VisualCafe and after manually 
jarring my class files and providing my own for- 
matted manifest file, ConsoleOne still does not rec- 
ognize my snapin. I tried both auto register and 
explicitly naming the class where getRegistration is 
called but ConsoleOne still does not acknowledge 
the snapin. 


. On the project menu in VisualCafe, select options 
and make sure that the output class files are going 
to a directory under the snapins directory in 
ConsoleOne. If your ConsoleOne installation as a 
RUN.BAT file, you can add -systemout and -debug 
to get ConsoleOne information messages. Also, 
make sure when you register that you are using 
the same package name that your source file uses. 
In the project box, type “-systemout -debug” so you 
can use System.out.println’s. 


. I’m extending schema to create new classes. When I 
create an object of this class, ConsoleOne shows it 
with default Icon. How can I change it ? 


. Make an icon by the same name as name of the 
class (same spelling, caps, etc.). The file should be a 
gif file. Place the gif into /com/novell/admin/com- 
mon/ui/images/ as the directory when jarred. Next 
time a class of that name is created the gif will be 
used for the icon. 


. I have installed the ConsoleOne Web Edition and I 
like it; do you expect to release an NDK for 
ConsoleOne Web Edition? 


. There are no present plans to produce a deve- 
loper version of ConsoleOne with an NDK and 
published APIs. 
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Q. Where can I download the lat- 


est ConsoleOne? 


A. The new ConsoleOne 1.2b is 


available for downloading at: 


http:/ /developer.novell.com/ 
ndk/nco.htm. 


Q. Can I assume that when I 
get make an ObjectEntry 
Enumeration of an entire tree 
that the order it is inserted 
maintains the container/leaf 
relationship? I ask this because 
I am using a TestNamespace 
and I noticed that when they 


were creating a fake model that 


added a container, its children Q. 


then another container and 
next a child that is a leaf of the 
first container. So when I 
retrieve the entries in the 
ObjectEntryEnumeration they 


are not in order: 
By order I mean the following: 


Novell container 
leaf -> parent Novell 
leaf-> parent Novell 


IBM container 
leaf -> parent IBM 
leaf -> parent IBM 


but the testnamespace is 


Novell container 
leaf -> parent Novell ry 
leaf-> parent Novell 


IBM container 
leaf -> parent Novell 
leaf -> parent IBM 
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But with “live data” will this 
be a concern? Does NDS know 
to keep the right order? Is there 
a shell call to check if the next 


node is a leaf? 


. The ObjectEntryEnumeration 


does not know about order or 
relationships. The following 
applies only to NDS 8: If you 
filter on attributes instead of 
object class attributes, order is 
not guaranteed. Also, order is 
not guaranteed when the 
search filter criteria does not 


map to an NDS index. 


I am developing a ConsoleOne 
snapin. The snap-in needs to 
provide a login facilty only if 
the ConsoleOne is being 
run on a client machine. If 
ConsoleOne is launched on the 
NetWare server then no login is 


to be provided. 


1. How does the snapin find 
out if the ConsoleOne is 
launched on a server or 


client? 


2. If it is launched on a ser- 
ver, how do I know the IP 
address/distinguished 
name of the server on 


which it is running. 


determine 
the platform would be the 
Java API getProperties() 
(Java 1.1.x), then in the 


returned list the os.name. 


Do you mean login or NDS 
authenticate? For logging in, 
use the Novell Client; you 
can then use ConsoleOne to 
manage the areas where user 
has rights. On the server, 
ConsoleOne authenticate (in 
the online docs) should be 


the solution. 


.I have developed a snap-in 


in ConsoleOne which adds a 
class to NDS, creates an 
object of it, and allows it to 
store info for some configura- 
tion purpose. Now anybody 
can delete that object by just 
selecting the object and click- 
ing on Delete in File menu. I 
want to take some actions 
when this object is deleted. 
How do I trap this event? 


. Yes, you can be notified of 


deletes to objects. You can do 
this by adding yourself as a 
VetoableChangeListener to 
the shell. Once you do this 
you will be sent an 
NSObjectEvent.VETO_DEL_ 
EVENT and at that time 
your listener can decide 
whether to veto the delete or 
not. However, NDS events 
are only registered per repli- 
ca. So if the event occurs on 
another partition, you will 
never see the event. To 
absolutely guarantee that 
you get the user delete you 
first need to build your own 
Global Event Service. 
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JAVA Technology 


Reprinted by permission 
from Sun Microsystems’ Java 
Technology Web site: 


/ “http:/ /java.sun.com 


2K—minor inconven- 

ience or major apoc- 

alypse? Time will tell... . 
But, if you’re a developer using 
Java technology, Y2K bugs proba- 
bly don’t appear on your radar 
screen. Why? The reason is simple. 
From its start, the Java language 
specification was written with pro- 


visions for the millennium. 


“Java technology never had the 
classic Y2K problem of program- 
mers storing two-digit dates with- 
out century indications,” says 
Vivian Tillman, system integra- 
tion test manager at Sun. “From 
day one, Java technology was 
designed with a date field that 
can accommodate practically any 
range of date indications.” 


James Gosling, the primary deve- 
loper of the Java programming 
language, wrote the original date 
class himself. “I designed the date 
format in the Java language to 
have a long lifetime. It will take 
over 292 million years for it 
to overflow, a long time for a 
species, a short time for a planet,” 
says Gosling. 
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is Ready For Y2K 


Putting Java Code to the Test 


Y2K testing of Java software is 
conducted throughout the product 
development cycle, not just at the 
end. And due to two concerns 
about early versions of the Java 
Development Kit (JDK) software, 
rigorous Y2K testing is underway 
on all of Sun’s Java applications. 


“A series of 28 rigorous tests 
ensure that our products parse 


y) 


dates correctly,” says Tillman. 
Parsing a date is the process of 
reading a textual representation 
of the date and interpreting it cor- 
rectly. For example, Apr. 6, 1999, 
April 6th, 1999, and 04/06/99 are 
all different text representations 
of the same date. Software is 
parsing correctly if it makes asso- 
ciations between these different 
strings and the one date they 


represent. 


The 28 Y2K tests check that the 
application calculates dates accu- 
rately under a variety of condi- 
tions, for example, some of the 


date validations check: 


e The roll-over date from Decem- 
ber 31, 1999 to January 1, 2000 


e The first and second date in the 
year 2000 


e That the leap year date, 
February 29, 2000 appears 
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e That February 29, 2000 is the 
third day of the week 


e That March 1, 2000 is the 61st 
day of the year 


e That January 1, 2001 is the 
second day of the week 


The complete test suite, developed 
internally by Sun, is also used to 
test the Solaris operating environ- 


ment. For the Sun’s Java 
Software, the Y2K test suite is 
integrated with the Java 


Compatibility Kit (JCK) proce- 
dures and regression tests which 
are a standard part of Java tech- 
nology product development at 
Sun. The test routine takes 
approximately 30 minutes to com- 
plete and is administered at 
numerous stages of development. 
“Y2K testing is a small part of our 
overall test procedures, but it is 
scheduled in and is done every 
week,” says Mimi Hills, program 
manager for the Java 2 platform. 


Past Problems Now Solved 


In all of Java technology’s past, 
the Java Software team has found 
only two problems that have 
affected JDK software—both in 
early releases that are no longer 
supported for development. The 
two bugs relate to “ambiguous 
strings” that can be interpreted in 


multiple ways. 


“In JDK software version 1.1.4, if 
you type in the date 1/1/02, it can 
be interpreted ambiguously as 
1902 or 2002,” says Brian Beck, 
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staff engineer, Sun international- 
ization group. “If the context of 
the date is the expiration of 
my driver’s license, it’s prob- 
ably 2002, but if it is my grand- 
father’s birthday, it’s prob- 
ably 1902.” 


To help correct this, the team 
developed a heuristic, or a “rule 
of thumb,” in the code that estab- 
lishes a 100-year moving window 
of time stated as: 80 years back 
and 20 years forward. Using this 
rule, JDK 1.1.4 “guesses” that 
an ambiguous date occurs in 
the 1900s if it is within 80 years 
before the current date, for exam- 
ple, 1919 through 1999. Here, 
1/1/27 would be considered 
to occur in 1927, not 2027, 
and 1/1/17 would be evaluated to 
represent 2017. 


“Within a 100-year span, most 
people have associations with 
events that go forward no more 
than about 20 years in the 


D 


future,” says Beck. “But, it is a 
heuristic and susceptible to mis- 
takes.” In the Java 2 platform, an 
application programming inter- 
face (API) allows users to override 
the heuristic default decision and 
specify the correct century 


through user preference settings. 


The other Y2K bug known to 
affect JDK software was the 


leap-year accommodation for the 
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year 2000: February 29, 2000. 
“We fixed that in JDK software 
version 1.1.6,” says Hills. “In 
fact, the leap year date is the 
only reason that JDK software 
versions 1.1.4 and 1.1.5 are not 
Y2K compliant.” Beginning with 
JDK 1.1.6 software, all succes- 
sive releases are tested to be 


fully Y2K compliant. 


Not All Bugs Are Y2K Bugs 


“Y2K is simply not a big deal for 
the Java language,” says Beck. 
“Java technology hasn’t suffered 
from the threat of Y2K in com- 
parison to older development 
technologies. Other languages, 
such as Cobol, for example, have 


been much more impacted.” 


The Java software team is 
always on the look out for Y2K 
bugs. “But not every bug that 
will appear in the next year or 
the next century is a Y2K bug,” 
says Beck. “Most bugs aren’t 
Y2K specific. However, we are 
vigilant about any type of bug, 
and bugs always appear in soft- 
ware. It’s a part of the software 


development process.” 


Upgrade to the Java 2 
Platform 


The best way to avoid any Y2K 
problems in developing and 
maintaining Java technology- 


based applications is to upgrade 


to JDK 1.1.6 software and 
preferably to Java 2 platform, 
and follow the published lan- 
guage specification. Please note 
that JDK software below ver- 
sion 1.1.6 is non-compliant and 


no longer supported by Sun. 


The Java 2 platform addresses 
virtually all the needs of the 
enterprise environment. Aside 
from offering full Y2K compliance, 
it is stable, secure, fast, interoper- 
able, and compatible with past 
versions of the JDK software and 


all major operating systems. 


A list of feature articles about the 
Java 2 platform appears at 
http://java.sun.com/jdk/ 
features/, and an explanation of 
the JDK 1.2 features introduced 
as part of the Java 2 platform can 
be found at http://java.sun. 
com/products/jdk/12/docs/ 


relnotes /features.html. 


—by Jon Byous 


Cisco, Oracle, Netscape, 


Quantum, and dozens of 
smaller tech firms. Jon has 
written over 25 articles about 
Java technology, a passion of 
his, for Sun’s Java techn- 
: ology Web site. 7 . 
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Advanced CORBA Program- 


ming with C++ 


Authors: Michi Henning and 
Steve Vinoski 


Published by: Addison Wesley 
Date Published: 02/1999 
ISBN: 0201379279 


Provides the necessary tools to 
understand CORBA technology at 
the architectural, design, and 
source code levels. Contains 
hands-on explanations for build- 
ing applications, and can be used 
as both a tutorial and a reference. 
Details the Interface Definition 
Language (IDL) and discusses 
topics such as common IDL 
idioms, potential pitfalls, and 
interface design trade-offs. 
Explains IDL-to-C++ mapping, 


and gives source code examples. 


Presents the new Portable Object 
Adapter (POA), and shows how to 
use the POA to create scalable 
applications. Chapters on IIOP 
and implementation repositories 
provide background on what hap- 
pens beneath the covers of an 
ORB. A section on the dynamic 
aspects of CORBA covers more 
advanced features, such as the 


new DynAny interfaces. 


NOY ELL 


Authors: Mark C.Chan, 
Steven W. Griffith, and 
Anthony F.lasi 


Published by: Jamsa Press 
ISBN: 1884133320 
CD-ROM included. 


Examines all aspects of Java—a 
book for the first time Java pro- 
grammer or the java expert 
looking for behind the scenes 


secrets. 


e Understand all aspects of 


object-oriented programming. 


e Perform state-of-the-art 2-D 
and 3-D graphics programming. 


¢ Create multimedia programs 
that integrate text, graphics, 


sound, and video 


e Exploit multimedia programs 
that integrate text, graphics, 


sound, and video 


e Use Java exceptions to build 


robust programs 


e Create Java-based Internet- 
aware programs that use 
TCP/IP sockets 


e Manage database operations 


using Java’s database API 


¢ Use Java-based programming 
tools, such as a debugger, pro- 


filer, and document generator 
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to simplify your programming 


process 


¢ Covers Windows, Mac, and 
UNIX, including Visual J++ 


Core Jini 
Author: W. Keith Edwards 
Published by: Prentice Hall 
Date Published: 07/1999 
ISBN: 013014469X 


Jini enables any device—from 
enterprise servers to kitchen 
appliances—to network smoothly, 
simply, and reliably. Core Jini 
delivers a comprehensive, practi- 
cal explanation of Jini techn- 
ology—plus the live Java code 


experienced developers need. 
Core Jini contains: 


e Coverage of the entire Jini API 


e Descriptions of the entire Jini 


architecture 


e Step-by-step instructions on 
how to build a complete Jini 


service 


e Details on Java properties for 
controlling and tuning Jini 


services 


Discover how Jini addresses dis- 
tributed networking problems 
ignored by “traditional” technolo- 
gies—and how it can simplify con- 
nectivity in both new devices and 


existing networks. 
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Novell Developer Notes Feedback Form October 1999 


To help us give you the kind of information you need to better design, configure, install, and maintain your network, 
please take a moment to answer a few questions about the Novell Developer Notes. Fax the completed form 
to (801) 861-4123. Thanks—we value your feedback. 


1. How useful is each article in this issue? 


The Novell Controls for ActiveX and Visual Basic: Searching NDS Field Values 


CU Indispensable O Very useful Somewhat useful Not at all useful 
Using JNDI and Novell’s NJCL to Access NDS 
1 Indispensable [1] Very useful 1 Somewhat useful [] Not at all useful 
Using the NetWare Deployment Kit to Upgrade to NetWare 5 
C1 Indispensable O Very useful C1 Somewhat useful 1 Not at all useful 
Features of the Novell Kernel Services Programming Environment for NLMs: Part Two 
CL Indispensable [] Very useful Somewhat useful 1] Not at all useful 
Overview of New Features in BorderManager Enterprise Edition 3.5 
U1 Indispensable Very useful C1] Somewhat useful Not at all useful 
Novell Developer Workshop Tour 99 
11 Indispensable C1 Very useful Somewhat useful 1] Not at all useful 
Code Break 
Indispensable O Very useful CJ Somewhat useful DO Not at all useful 
DeveloperNet Connections 
Indispensable L Very useful 1] Somewhat useful OC Not at all useful 
2. I would like to see more articles on: 
C1] Network design and optimization [| Network management 
TC Novell product implementation NetWare theory and internals 
CO Third-party product integration 1) NetWare programming 
C1 Other 
3. The type of article that is most useful to me is: 
1] Theory/conceptual Tutorial C Troubleshooting/support | Technical case study 
4. My affiliation with Novell is: 
C1 CNE/ECNE/NPA CL] Programmer OC Systems Integrator [] MIS 
CO CNI LO Reseller U1 Systems Engineer Network Supervisor 
CNA OC Consultant Technical Support OC Other 


5. General comments about the Novell Developer Notes: (Please attach page if necessary.) 
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Order Form 


Use this form to order subscriptions to Novell AppNotes, Novell Developer Notes, and back issues of AppNotes, 
Developer Notes, or Novell Research Reports (subject to availability). Please type or print. 


Name 


Phone 


APPNOTES OR DEVELOPER NOTES SUBSCRIPTION 
One-year subscription to [] AppNotes or (] Developer Notes (inside the U.S.) 
AppNotes or [] Developer Notes (outside the U.S.) 


Part Number (required) Month/Year or Report Title 


*Shipping and taxes are included in subscription price. Payment All orders must be prepaid. 


** is 
Back Issue Prices LJ Check or money enclosed. 


1-9 copies US$15.00 each inside the U.S. (includes s&h) CJ Bill credit card number: Expiration date 
US$20.00 each outside the U.S. (includes s&h) 
10-49 copies US$ 9.00 each plus shipping & handling 
50-99 copies US$ 7.00 each plus shipping & handling 
100+ copies US$ 5.00 each plus shipping & handling 0 VISA MasterCard American Express 


Cardholder signature 
Cardholder name (printed) 


Mail or fax this completed form to: or call: 

Novell Research Order Desk Fax Number: (800) 377-4136 (U.S. & Canada) 

1601 Park Avenue West (303) 294-0930 (303) 297-2725 (other locations) 

Denver, CO 80216-5199 Please have your order and credit card information ready. 


N ove | l. Novell, Inc. © 122 East 1700 South © Provo, Utah 84606-6194 # 801-861-7000 Pcode=DVNOR 10/99 


Novell Research Publications 


For information on how to order these publications, refer to the Novell Research Order Form. Prices for reprints are 
USS8 per copy in the United States, US$12 per copy in all other locations. Price includes shipping and handling. To 
obtain an updated list of publications, call the Novell Research Order Desk at 800-377-4136. Outside the U.S. and 
Canada, call 303-297-2725. Or send an E-mail to devnotes@hibbertco.com. 


Novell Developer Notes 


Date Part Number Titles 


Oct 99 464-000057-010 The Novell Controls for ActiveX and Visual Basic: Searching NDS Field Values 
Using JNDI and Novell’s NJCL to Access NDS 
Using the NetWare Deployment Kit to Upgrade to NetWare 5 
Features of the Novell Kernel Services Programming Environment for NLMs: Part Two 
Overview of New Features in BorderManager Enterprise Edition 3.5 
Novell Developer Workshop Tour ‘99 
Code Break 


Sep 99 464-000057-009 The Novell Controls for ActiveX and Visual Basic: Reading Field Values 
NDS Glossary 
The Future of Application Development on NetWare with NLMs 
SCHMAP: NDS Schema Extension and LDAP-to-NDS Mapping Utility 
Features of the Novell Kernel Services Programming Environment for NLMs: Part One 
SCHMIG: Schema Migration Utility 
Developer Tools: Credentia ViaNet/NDS 
Code Break 


Aug 99 464-000057-008 White Pages Application NDS Programming Tutorial: Directory Concepts 
White Pages Application NDS Programming Tutorial: The Demo Application 
Building Web Database Applications Using Novell Script for NetWare 
The Business Case for Directory-Enabling Your Application with NDS 
Benefits of NDS 
Minimum Patch List 
Code Break 


July 99 464-000057-007 Designing NDS Schema Extensions 
The Novell Controls for ActiveX and Visual Basic: Logging In 
Extending the NDS Schema with DSAPIs 
NDS 8 Update 
Novell Delivers High-Availability Solution for NetWare 5 
Code Break 


June 99 464-000057-006 Programming with the Novell Controls for Active X and Visual Basic: Getting Started 
Configuring JavaBeans for Novell Services 
Schema Enhancements for NDS 8 
Runtime Programming in Java; A Technology Primer 
Using BulletProofs JDesignerPro 3.0 to Build Java Applications on NetWare 5 
Developer News 
Minimum Patch List 


May 99 464-000057-005 Introduction to NDS for Developers 
Applications for NetWare 5, Part 4 
Overview of NDS for NT 2.0 
BorderManager Authentication Services 3 
EPC C/C++ Enterprise Edition for Novell NetWare 
Novell SuperLab 
NDS for Solaris: An Overview 
Active Server Pages (ASP) on NetWare 
Developer News 
Minimum Patch List 


Apr 99 464-000057-004 Understanding and Using Novell’s Universal Component System 
The Novell Developer Kit 
NDS forNTQ&A 
Applications for NetWare 5, Part 3 
Using Novell’s Year 2000 Information Ferret to Determine Your Y2K Status 
Developer News 
Minimum Patch List 
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Date 
Mar 99 


Feb 99 


Jan 99 


Dec 98 


Nov 98 


Oct 98 


Sep 98 


Aug 98 


July 98 


Part Number 
464-000057-003 


464-000057-002 


464-000057-001 


464-000055-012 


464-000055-011 


464-000055-010 


464-000055-009 


464-000055-008 


464-000055-007 


Novell Research Publications 


Titles 


Introduction to NDS v8 

DeveloperNet University’s NDS 102 Using C and LDAP 

Stick a Fork in it: 1998 Novell Developer Workshop Tour Series Well Done 
Applications for NetWare 5, Part 2 

The Winners’ Circle 

Novell JavaQ & A 

Minimum Patch List 


The Winners’ Circle 

NDS102: Authenticating to NDS Using C (NDAP) APIs 
Why Develop to NetWare 5? Part 2 

Whats New in NetWare 4.2? 

NetWare 5 Tested and Approved Applications 
Minimum Patch List 


Developing NLMs with Metrowerks CodeWarrior 

NetWare 5 Overview, Part 2 

Writing Java Applications on NetWare Using Legacy NLMs 

Why Develop to NetWare 5? 

Cisco and Novell to Provide NDS with Interoperability with Cisco Routers and Switches 
Minimum Patch List 


CodeWarrior’s Architectural Advantage 

DeveloperNet University’s NDS101 Using C and LDAP 

Novell’s Controlled Cryptographic Services 

Developing Target Service Agents Using CCSCL 

AnyInfo Example 7: Using JDBC to Access an Oracle8 Database 
Minimum Patch List 


Configuring LDAP Services for NDS 

DeveloperNet University’s NDS101 Using C 

Using Java Naming and Directory Interface (INDI) to Develop Novell Directory Services 
Enabled Applications 


Overview of the Novell Developer Kit 

Novell Developer Kit Q&A 

Using the NetWare 5 NDS Administrator Utility as a Development Tool 
Introducing the DeveloperNet University Web Site and Article Series 
NDS 101 with Novell’s NWDir Bean 

NDS Schema Overview 

AnyInfo Example 6: Using RMI to Access a Database Service 
Developer News 

Minimum Patch List 


NetWare 5 Overview, Part 1 

New Features of NDS in NetWare 5 

Building NetWare DLLs 

NetWare 5 Security Components 

Oracle8 for NetWare 

AnyInfo Example 5: Using the Novell NWDir Bean for NDS Access 
The Novell Developer Workshop Tour 

Minimum Patch List 


AnylInfo Example 4: Implementing a Scalable NDS Design with ConsoleOne Snap-ins 
Differences between LDAP 2 and 3 Protocols 

Overview of Novell DNS/DHCP Services 

Scheme for Optimizing Calls to Functions through Pointers on Pentium Processors 
“Show Me the Money”: Enter the Novell Developers’ Contest 


The Transformation of API_Info into a Multi-tiered, Database Application: A Series 
Developing an LDAP Client for Novell Directory Services 

Quoi de Neuf: What’s New in NetWare 5? 

The New Novell Developer’s Contest 

Developer News 

Minimum Patch List 
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Date 
June 98 


May 98 


Apr 98 


Mar 98 


Feb 98 


Jan 98 


Dec 97 


Nov 97 


Oct 97 
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Part Number 
464-000055-006 


464-000055-005 


464-000055-004 


464-000055-003 


464-000055-002 


464-000055-001 


464-000053-012 


464-000053-011 


464-000053-010 


Novell Research Publications 


Titles 


NDS Services 

NDS Design for Z.E.N.works and NDS for NT 

Developing NDS-Enabled Solutions at Clemson University 
Winners of the NDS Developer Contest 

Top Eight Reasons to Use NDS for NT 

Developer News 

Minimum Patch List 


The Novell OSA SDK: An Overview 

Extending an NDS Schema with ConsoleOne’s NDS Namespace 
NDS Database Operations 

Overview of Modesto 

BrainShare News 

JavaOne News 

Winners of the NDS Developer Contest 

Minimum Patch List 


Adding a Property Page to ConsoleOne 
Z.E.N.works and the Art of Desktop Management 
NDS Technical Overview 

Minimum Patch List 

Navigating the DeveloperNet Web Site 


Open Solutions Architecture Technical Overview 

ConsoleOne: Common Console for Management and Administration Utilities 
More on OSA’s New Tools Platform, ConsoleOne 

Snapping your NDS Application into ConsoleOne 

Novell Scripting Options and Future Strategy 

DeveloperNet: The Source of Opportunity 

The NetWare Strikes Back 

GroupWise Admin API: Automating Administrative Tasks 

C3POs Made Easy: A New Tool To Help the Developer 


OSA: A New Focus for Novell and Developers 

Opportunities for Server-Side Java 

The NLM Side of the API_Info Java/NLM Gateway Example 
Installing and Using NPrinter NT 

Developer Forum 

Novell’s Project 2000 

DeveloperQ&A 

Developer News 


Extending Your NLM System into Java, with Ease 

The Java Side of the API_Info Java/NLM Gateway 

Administration of the Novell Trader 

Programming NetWare with Java 

Developer Q&A 

Database Manager for NetWare 

Sun and Netscape Offer Developer Release of Java Foundation Classes 


Developing with NDS Using Industry Standards: Java, ActiveX, ODBC, and C 

Developing NDS-Enabled Applications 

Quo Vadis? 

Novell Trader: An Advanced Tutorial on Registration and Server Object Creation 

Finding Services with the Novell Trader 

Novell IntranetWare, YES Tested Products Granted C2 Rating by National Computer Security Center 
Novell Directory Services Q & A 

Novell Distributed Print Services Increase Business Efficiency for Customers 

Overview of Novell Distributed Print Services 


The Anatomy of a Simple IntranetWare Client/Server Application: Part 3 
Novell Trader Helper Class: TraderService 
Extending the NDS Schema Object Class and Attribute Definitions 


The Anatomy of a Simple IntranetWare Client/Server Application: Part 2 
Getting Started in NetBasic Development for the Web 

Using the Novell Trader 

Accessing and Modifying Information in the NDS Database 
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Date 
Sep 97 


Aug 97 


July 97 


June 97 


May 97 


Apr 97 


Mar 97 


Feb 97 


Part Number 
464-000053-009 


464-000053-008 


464-000053-007 


464-000053-006 


464-000053-005 


464-000053-004 


464-000053-003 


464-000053-002 


Novell Research Publications 


Titles 


The Anatomy of a Simple IntranetWare Client/Server Application: Part 1 

Overview of Novell Application Launcher 2.0 

Getting Started with NDS Development 

Novell Agreement with IBM To Unify Network Management of Multiple Platforms 


Introduction to Novell Replication Services 

Overview of Novell Replication Services 

Planning Replication 

The NetWare API: Managing the Server from a Client 
Novell Trader Service Architectural Overview 

NDS Technical Overview: Novell Layered Services 
Java Meets Novell’s GroupWise API Gateway, Part III 


Novell BorderManager Product Summary 

BorderManager: Managing Virtual “Borders” between Corporate Networks and the Internet 
ObjectWatch: BorderManager and Access Control 

Java Meets Novell’s GroupWise API Gateway, Part II 

Novell Directory Services Q & A 

Sun Microsystems Extends the Power of Java with New APIs 


Practical Applications of NetBasic Web Pro 
IntranetWare Programming Fundamentals CBT 
Extending the NDS Schema: A Beginner’s Approach 
NetWare/IPQ &A 

Novell Directory Services Q & A 


Using the DeveloperNet 2000 ActiveX Controls 

Java Meets Novell’s GroupWise API Gateway, Part I 

The NetWare API: Getting File Server Configuration Information, Part III 
Building Network Services for Java 

Novell Directory Services Q & A 

News from BrainShare 

News from JavaOne 


Creating a GroupWise 5 Custom Third Party Object (C3PO) Using Delphi 
Overview of NDS Scale 

Using Novell’s Web Server LCGI To Develop an NDS Web Browser 
Novell Simplifies Network Management 

Novell Directory Services Schema Registry v2.02 

DeveloperNet 2000 Java Products and Services 

Novell to Bring Sun’s Visual Java Technology to IntranetWare 

A Look at the Java Development Kit and Java Beans 

Java and NDS Integration 

Novell Unveils Java-Enabled GroupWise Client 

Java API Overview 


Anatomy of a Java Applet, Part 3 

Java Studio: Java for Information Specialists 

The NetWare API: Getting File Server Configuration Information, Part II 
Overview of Novell Directory Services 

Generating NLMs Without Watcom C 


Anatomy of a Java Applet, Part 2 

Overview of Novell’s DeveloperNet2000 ActiveX Controls, Part 2 
Building GroupWise 5 Gateways Using the API 

Global Backup with Storage Management Services 

Novell Directory Services Q & A 

ObjectWatch 
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Date 


Jan 97 


Dec 96 


Nov 96 


Oct 96 


Sep 96 


Aug 96 


Jul 96 


Jun 96 


May 96 
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Part Number 
464-000053-001 


164-000049-012 


164-000049-011 


164-000049-010 


164-000049-009 


164-000049-008 


164-000049-007 


164-000049-006 


164-000049-005 


Novell Research Publications 


Titles 


The NetWare API: Getting File Server Configuration Information, Part I 

Kayak: Node-Based Licensing Using NetWare Licensing System (NLS) Services 
Building NLMs Using Watcom’s IDE v10.6 and C 

Incorporating NDS Schema Extensions into the NetWare Administrator Application 
Introduction to NetWare SMP Architecture and SMP NLM Development 

Using NetWare Distributed Printing Services (NDPS) 

Novell Directory Services Q & A 

Novell Delivers Java for IntranetWare 

Novell Web Server 3.0 Enter Beta 

Novell Releases Early Access Technologies 

Novell Removes Barriers to Widespread Adoption of Directory Services 


Developing DeveloperNet 2000 Components for IntranetWare 

An Object-Oriented Approach to Automated Information Mark-Up 

An Introduction to the New Cross-Platform Connection Model 

Integrating with the NetWare Administrator Utility Using the Snapin Services SDK 
GroupWise Message Logging 

Memory Utilization and APIs: A Comparison of NetWare 4.x and NetWare 3.12 


Novell’s Net2000: Bringing the Power of Networking to Developers 

The Java Development Kit for NetWare 

NetBasic: IntranetWare’s Scripting Language 

Novell Embraces Oracle Network Computing Architecture 

Moving from GroupWise 4.1 To GroupWise 5 APIs 

Overview of Novell’s Net2000 ActiveX Controls 

Writing Library NLMs 

IntranetWare Solutions: Using NetBasic to Build A Collaborative Web Site 
Novell Directory Services Q & A 

ObjectWatch 


What’s New in NetWare 4.11 

An Object-Oriented Approach to Modeling Information Content 

Using NDS Schema Extensions to Record Application Configuration Data 
Novell Directory Services Q & A 


Building Value-Added Solutions with GroupWise 5 

GroupWise 5 Architecture: GroupWise Is Messaging 

Creating Compelling GroupWise 5 Internet/Intranet Solutions 
C3POs in GroupWise 5: Extensibility at Its Best 

The GroupWise 5 Object API: An Object-Oriented Picture of the Data Store 
Using OCX/Active X in GroupWise 5 

GroupWise NDS Schema Modifications 

CMC/CSA: Interfacing with the GroupWise 5 Data Store 

Controlling GroupWise 5 with Tokens 

GroupWise Web Access Customization: Making HTML Work for You 
MAPI Support in GroupWise 5 


Anatomy of a Java Applet, Part I 

Programming Client APIs for Use Inside a Visual Basic Application 
NLM Issues and Strategies When Accessing NDS 

Writing NetWare Applications with Borland Delphi 


An Object-Oriented Approach to Process Modeling 
Programming to NWSIPX—Novell’s 32-bit IPX/SPX API 
Novell’s Vision of Client-Network Computing for Developers 
Java on NetWare Takes Shape 

NetWare 4 Green River Beta Release 


Introduction to Java and the Java Infrastructure for NetWare 

Setting the Workstation Name Using the Client Connection Services APIs 
The NetWare API: Working (Smarter) with Server Connections 
NetWare/IP: Integrating to TCP/IP 


JumpStart on the Net2000 Novell Directory Services (NDS) ActiveX Controls 
Handicapping a Thread: Death to Your Application? 

GroupWise XTD Tokenization 

Using NDS Connection APIs To Write Enterprise Enabled Applications 
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Date 
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Mar 96 


Feb 96 


Jan 96 


Dec 95 


Nov 95 


Sep/Oct 95 


Jul/Aug 95 


May/Jun 95 


Mar/Apr 95 


Jan/Feb 95 


Nov/Dec 94 


Sep/Oct 94 


Jul/Aug 94 


May/Jun 94 


Part Number 


164-000049-004 


164-000049-003 


164-000049-002 


164-000049-001 


164-000046-007 


164-000046-006 


164-000046-005 


164-000046-004 


164-000046-003 


164-000046-002 


164-000046-001 


164-000045-004 


164-000045-003 


164-000045-002 


164-000045-001 


Novell Research Publications 


Titles 


Adding Console Commands to NetWare 

NetWare QMS 

NLMDebug Overview 

Using NDS To Make a Service Globally Accessible 


Net2000 Smart Components 

File System Hooks 

The GroupWise XTD Object API 

Exploring TUXEDO Using the Bankapp Demo Program 


GroupWise XTD APIs and Beyond: A BrainShare Preview 

Developing NLMs Using User-Security Equivalences 

The NetWare API: Using Semaphores to Implement Concurrent-User Licensing 
NLM Development Environment 


Building Network Applications with Net2000 

Developing C++ NLMs 

Cross-Program Strategies: Novell Labs Maximizes Developer Benefits 
Enterprise Consulting Partners: Novell Expands Program 


Novell’s Smart Global Network and the Future of Computing 
Tuxedo System: Recovery and Troubleshooting 

The GroupWise CMC/CSA Server-Based Interface 

TSAPI Conference 


Net2000 Will Provide Integrated Interface to Network Services 
Developing NLMs with Base Technology’s NLM SDK and Borland C++ 
Novell's Vision of Distributed Services 

Network Utilization Voodoo 

DeveloperNet: Novell Launches New Program for Software Developers 


Using AppWare To Automate Perfect Office Applications 
Incorporating Elan License Manager for NetWare Environments 
Guidelines for Enabling Software for Japan 


Using Messaging APIs (Part II: SMF-71) 
Rapid NetWare Application Development with Borland Delphi and Apiary Developer’s Suite for NetWare 
The NetWare API: Making Your Programs NDS-Aware 


Using Messaging APIs (Part I) 
Developing NLMs for an International Market (Part I) 
The NetWare API: Verifying the Presence of Network Resources 


Accessing the NetWare Bindery Using AppWare 
NDS Application Development Using C++ (Part II) 
Developing C++ NLMs 

NetWare Development on the PowerPC 


Understanding NetWare Directory Services 
NDS Application Development Using C++ 
Debugging NLMs with the Dexter Debugger Extender 


OpenDoc: Reducing Software Complexity, Increasing Software Capabilities 
Controlling the Server Clock under NetWare 4 

NEST Architectural Overview 

Developing NetWare Server Utilities with SimWare’s REXXWARE 


An AppWare Loadable Module for NetWare Directory Services 

Inter-Application Transaction Processing: The Tuxedo System Approach 

Application Development with NetWare Telephony Services 

Developing NLMs and NetWare Utilities with HiTecSoft’s ManageWare 

Programming a Distributed Application: The Tuxedo System Approach 

NetWare Programming in Visual Basic: Using Apiary’s NetWare Client SDK for Visual Basic 
Using Polybuttons within Visual AppBuilder for Navigation, Screen Layout and Design 
Using Visual AppBuilder to Develop an ALM for a Pointing Device 


Visual AppBuilder Architectural Overview 

The AppWare Foundation: An Overview 

Introduction to Visual AppBuilder: Creating Menus for Reuse 
Developing the Vendor Alliance Tracking Program 
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University-like learning — 
without grades. 


Need directory? Get training! Sign up for a free Novelle Developer Workshop 
coming to a city near you this fall. It’s the convenient opportunity to receive in- 
depth classroom training on Novell Directory Servicese (NDS"), LDAP, Oracles 
8i, Oracle Webdb, Pervasive” SQL and more—whether you’re a beginner, 
intermediate or advanced developer. Check out our Web site for a complete list of 
workshop tracks and sessions. These one- and two-day workshops are free 
to Novell DeveloperNets members (You can join DeveloperNet for free; non- 
members pay $249). Besides the fresh information, you'll also take home a free 
Novell SDK CD, a beta copy of Cobra and other valuable giveaways. So register 
for a Novell Developer Workshop! A little cramming on how to leverage NDS 
could help you take your solutions to the next level of success—with millions of 


directory-enabled customers. Seating is limited and going fast, so register today. 


http://developer.novell.com/workshop 
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“NDS is the crown jewel, 
but the real value is 
directory-enabled 
applications.” 


Dr. Eric Schmidt 
Novell CEO 


The Novell Developers’ Contest Is History... 
in The Making 


Looking for directory-based network and Internet solutions to build your business? Read about the recently 
completed Novell Developers’ Contest and you’ll discover them. Over 500 solutions were submitted and 
pre-qualified, and just the ‘best of the best’ were selected. DeveloperNet is proud to present these 
award-winning network and Internet applications, collaboration solutions, and advanced developer tools in 


the fourth and final rounds of the Novell Developers’ Contest. 


THE NOVELL DEVELOPERS’ CONTEST GRAND WINNERS’ CIRCLE 


BEST OVERALL COMMERCIAL APPLICATION 
AXENT Technologies 

Enterprise Security Manager (ESM) For NDS 
www.axent.com 


AXENT’s Enterprise Security Manager (ESM) 5.0 for NDS is an enterprise-class security management 
solution that provides the reporting, management and control necessary to bring even the largest, most 
diverse network into compliance with corporate information security policy. ESM moves the redundant tasks 
of managing a corporate-wide security policy to computers rather than relying on human staff. ESM 
establishes effective security policy by leveraging rights associated to NDS user and container objects, and 
supporting over 35 operating systems, including NetWare, Windows NT (client and server), UNIX and 
HP-UX platforms. 


Eliminating the need for separate security policies covering the same issues on different platforms, Enterprise 
Security Manager lets users evaluate all systems based on a single user-defined security policy. ESM’s 
client-server technology includes powerful wizards to help define administrative accounts and execute 
security assessments. Its manager/agent architecture enables easy grouping of users with similar security 
profiles, such as all of the computers in Accounting grouped into an Accounting domain. ESM also offers the 
ability to create stricter password policies for users granted access to sensitive company information. 
Enterprise Security Manager reporting capabilities display information from the overall security of your 
network down to the individual security settings for users, providing high-level information on security in an 


easy to read, color-coded pie or bar chart. 


Novell 
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Enterprise Security Manager has effectively overcome the barriers 
prevalent in other platform-specific security products. With the 
ability to automate management and control of security policy from 
a single location, ESM adds value to the security features of NDS 
with important platform-specific features and a manageable, 
expandable view of security policy implementation across the 


networked enterprise. 


Enterprise Security Manager’s extensive directory and OS support, 
dynamic configuration capabilities, integrated reporting and open 
framework make it an ideal solution for managing heterogeneous 


network security. 


BEST COMMERCIAL APPLICATION 
CATEGORY WINNERS 


NETWORK SOLUTIONS AND COLLABORATION 
Omnibond Systems 
AuthServ 


www.omnibond.com 


Omnibond System’s proven AuthServ solution provides the 
infrastructure for hosting seamless NDS access to applications 
running on nearly all of today’s leading PC and mainframe server 
platforms. In use at Clemson University since 1996, AuthServ 
implements universal IDs on top of NDS and allows heterogeneous 
systems to leverage those IDs. AuthServ uses the information in 
NDS on several levels and provides single userID and password 
authentication to NetWare environments, IBM mainframes, 
Windows NT servers, and UNIX, including Linux and BSD. 


AuthServ NetWare Loadable Modules (NLMs) can run on any 
NetWare 4.1x or 5.x servers where they interface with the NDS tree 
and processes requests from AuthServ clients running on 
non-NetWare servers. (AuthServ does not require NDS replicas to 
co-exist on any client or server machine, nor extensive modification 
to existing NDS structures.) Since AuthServ uses passwords stored 
in NDS, changing a password once changes it for all platforms, 
without the problems associated with password synchronization 


techniques, a huge time saver. 


AuthServ also expands NDS security to include applications on 
these platforms by making NDS resources available to platform 


developers. For example, applications on a Windows NT or Apache 


90 


DEVELOPERNET CONNECTIONS 


server can use NDS to protect Web pages by userID or group 
membership, eliminating the need to maintain redundant userID 
andauthorization tables within individual applications. Information 
stored in any database on any system is easily made available to 
users through a common, user-friendly Web interface that hides all 


of the complexity of services like SQL queries. 


AuthServ 2.0 was developed by OmniBond Systems as a 
commercial version of Authentication Server 1.0, Clemson 
University’s winning custom solution entry for round one. 
There are over 35,000 user accounts at Clemson accessing 
over 100 NetWare, Windows NT, and UNIX servers and an 
IBM MVS mainframe. Clemson’s AuthServ server processes 
over 40,000 logins and more than 200,000 authentication 


requests per day. 


NETWORK MANAGEABILITY 
Protocom Development Systems 
Secure Trustee 
www.protocom.com.au 


SecureTrustee allows network administrators to control security and 
reduce support overhead by applying user-defined business rules to 
server access across the network. These rules control file and 
directory security on servers from a single point, eliminating the 
need to individually visit each fileserver or manually update access 
rights when users change jobs or leave the organization. 
SecureTrustee’s reporting feature makes looking up user access 
easy. Moreover, when servers are added to the network, security 


rights are automatically added. 


NetWare file system security is normally managed on a 
server-by-server basis. With SecureTrustee’s powerful fileserver 
access reporting, administrators can quickly determine what access a 
user has to an entire network of fileservers. Need to provide all users 
underneath an organizational unit such as ‘New York Office’ read 
and filescan access to the DATA:\SHARED directory on all local 
servers? Secure Trustee integrates NDS and other LDAP directory 
information with fileserver security to solve the problems that help 


desks spend an enormous amount of time fixing. 


INTRANET/INTERNET SERVICES 
Oblix 


E-Business Solution 
www.oblix.com 


The first Web-based software designed to reduce the costs 
associated with managing corporate change, Oblix E-Business 
Solution takes advantage of LDAP, NDS and Java to automate and 
deliver corporate services over the Web to users and 
administrators, and even partners. Corporate services are all of the 
resources needed on a daily basis, such as telephone numbers, 
personal computers, e-mail accounts, security privileges, corporate 


directories and organizational information. 


Oblix E-Business Solution automates and helps manage corporate 
services by creating a complete digital profile for each employee, 
partner or vendor that can be used to provision and track valuable 
corporate resources and information. Oblix customers create 
policies for access control and align information ownership with 
information responsibility. Self-service with the click of a mouse 
replaces paper-based systems for updating and requesting changes 


to information. 


With automated provisioning through NDS or any other LDAP 
directory, new hires can skip the details and be productive on their 
first day. Partners can connect securely to exchange information. 
And the IT department is free to focus on projects that add value to 


the overall business. 


With rich and accurate user profile information, Oblix E-Business 
customers can add value and precision to the online experiences 
of potentially millions of users with unique needs. Oblix 
E-Business Solution uses LDAP to access the scalability and 
stability of NDS to deliver a breakthrough directory-enabled 
solution for the enterprise: providing services and pushing 
administration all the way to E-users—as appropriate—down to 


the most granular level. 


APPLICATION DEVELOPMENT AND DEPLOYMENT 
BulletProof Corporation 

JDesignerPro 

www. bulletproof.com 


Need to deploy an application to authorized users across the intranet 
to access different types of corporate data on Oracle, DB/2, or any 
other leading database? Require rapid development, security and 
Web-based clients, but want a richer interface than HTML? 
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JDesignerPro (JDP) is the first 100% Java tool offering the ability to 
develop server-side Java with a graphical view of the code, 
templates and wizards. In addition, the finished applications are 
integrated with NDS—a huge time-saver for administrators and 
developers. JDP’s Deployment Manager allows deployment of 
compiled modules to a local or any remote install of a JDesignerPro 
system—even directly to a web page. What’s more, JDesignerPro is 
also designed to reuse existing modules within new applications: a 
single Java program can be leveraged into many others with no 


additional coding. 


JDP captures the inherent power of the directory and Java. 
Removed is the necessity to install anything but a browser on your 
users’ and developers’ desktops. Combine this with the JDP 
Enterprise Server and management console for JOBC and ODBC 
connectivity to over 70 different databases, and you’ ve got the 
most powerful set of tools available for complete, end-to-end Java 
development and deployment. JDP offers a production-grade 
application server with advanced tools for rapid development and 
deployment, and includes a robust screen designer, wizards and 
SQL builder—all adding up to significant time savings for 


developers and end users. 


(Metrowerks and Bulletproof Corporation are co-winners in the 


Application Development and Deployment category.) 


Metrowerks 
CodeWarrior 


www. metrowerks.com 


CodeWarrior tools are used by developers worldwide to create 
software in the C/C++, Java and assembly languages. 
CodeWarrior Professional Development Kit (PDK) for NetWare 
provides the capability to edit, compile and debug NetWare 
Loadable Module (NLM) applications using C/C++ and Java 
(future debugging support). This addition to the award-winning 
CodeWarrior IDE enables developers to create, edit, compile and 
debug applications that take advantage of NDS and other services 
to add intelligence, manageability and security to enterprise and 


Internet solutions. 


The most comprehensive package of tools available for the 
NetWare platform, CodeWarrior comes with C/C++ and Java 
toolsets, NetWare and GroupWise SDKs, Device Driver 
Development Kit (DDK), and other libraries necessary for the 


fastest, cleanest NetWare development. 
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BEST OVERALL CUSTOM APPLICATION 
Clemson University 

Collaborative Learning Environment (CLE) 
www.clemson.edu/collab 


Information technology at Clemson includes AuthServ, which 
assigns rights to all network platforms and services with a single 
NDS userID and password, and Collaborative Learning Environment 
(CLE), the “virtual PC” environment for students and faculty. Built to 
run with Omnibond’s AuthServ solution, Collaborative Learning 
Environment (CLE) is a robust set of directory-enabled network 
resources for delivering the next generation academic environment. 
Clemson University’s delivery of a next-generation learning 
environment leads the academic world in leveraging the power of 
NDS to provide a single point of administration and manageable 


access to all of its educational resources. 


Within the CLE environment, network space is provided for 
professors and their students, and access rights are granted through 
the same single userID and password used for access to the network. 
Like class e-mail lists, NDS groups are set up and maintained 


automatically based on the class enrollment. 


Students can access their class workspaces and other resources from 
the network and across the Internet for the submission of papers, 
storage of class notes and syllabus, access to team group folders, 


library reserve materials and class discussions. 


BEST CUSTOM SOLUTIONS CATEGORY 
WINNER 


INTRANET AND INTERNET SERVICES 

HiTecSoft 

Patchlink 

www.patchlink.com 

HiTecSoft’s Patchlink Web site is unique. Instead of simply linking 
to driver sites, this portal takes busy administrators directly to latest 
patches for NetWare, Windows, Linux, OS/2, DOS, and many other 
operating systems, including GroupWise, BorderManager and 
others. This site, which runs on NetWare 5, may well become the 


preferred Internet portal for patch/driver retrieval and disbursement. 
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Companies of all sizes will find this site helpful for the time and cost 


savings, ease of use, reporting capabilities, and more. 


Currently, administrators have to go to every vendor page to 
download the latest updates. With Patchlink, administrators can 
focus on mission-critical tasks and automate patch disbursement to 
clients and servers using HiTecSoft’s Gravitix feature. Gravitix is 
maintained by HiTecSoft as a master reference site for the latest 
builds of patches, drivers, and updates. Gravitix can analyze the 
operating system and provide a report of all software drivers that 
need updating. Authorized users can select updates and patches, or 
let Gravitix automatically download and apply all the latest patches 


and service packs for their system. 


(HiTecSoft’s WebConsole product was awarded Best Commercial 


Application in round one.) 


BEST OVERALL STUDENT APPLICATION 

Jarek Gawor 

Illinois Institute of Technology (Argonne National Laboratory) 
LDAP Browser/Editor 2.7 

www. iit.edu/~gawojar/Idap 


This Java client application provides a Windows Explorer-like 
interface to NDS and other LDAP-compliant directories with 
integrated browsing and editing capabilities. Written in 100% Java 
with JFC (SwingSet) and JNDI class libraries, LDAP 
Browser/Editor allows users to add, view and modify items stored in 


NDS and other directory servers. 


Using LDAP Browser/Editor, connections to NDS and various 
LDAP servers can saved for future use. The user can also bind to the 
connection at various levels of context. When LDAP Browser/Editor 
connects to the NDS tree for browsing and viewing, it also allows 
modifications of NDS objects if the user is logged in as the server 
administrator or has the appropriate rights. NDS attributes and 
classes may be added and modified. Another unique function also 
allows users to retrieve dn context from LDAP V3 servers with only 
the hostname and port number specified. This winning solution is 


one of the Java-based tools used in the Globus Project. 


1ST RUNNER-UP BEST STUDENT APPLICATION 
Jeremy Bishop 

Miami University (Ohio) 

CourseShare 1.0 

CourseShare leverages Java and NDS to promote the management 
of student, faculty and course sharing resources through easy-to-use 
interfaces. With CourseShare, faculty members can easily create and 
manage electronic folders on the network to store their course 
information, as well as student and group folders. Automation of the 
creation of NDS groups and trustees makes the job for system 
administrators less cumbersome. CourseShare extends NDS schema 
by introducing new classes and attributes that store information 


about departments, network and course information. 


While communicating between applets and Java applications on 
NetWare servers, CourseShare makes extensive use of the NJCL 
(Novell Class Libraries for Java) and JNDI (Java Naming and 
Directory Interface) packages. User, Alias, Group and OU 
creations/deletions as well as membership, trustee and NetWare File 
management are all used in the process. CourseShare also provides 
an extra set of classes and attributes to manage CourseShare-specific 
data in NDS. Authentication is provided and all transactions are 
passed across the network with heavy encryption algorithms. NDS 
provides a secure, reliable back end, while CourseShare provides a 
single point of administration, and an easy single point of access for 


users, to an increasingly powerful world of higher education. 


Additional documentation is available by visiting 


http://miavx1.muohio.edu/~grieshjk/CourseShare.doc 


ROUND 4 COMMERCIAL APPLICATION WINNER 
AdRem Software 


Server Manager 
http://www.adremsoft.com 


Server Manager is an advanced, user-friendly tool for monitoring 
and managing NetWare servers. Server Manager uses a Windows 
client and server modules to extend network management capability 
to any connected server, allowing administrators to manage server 
parameters, network connections and open files from one place. 
Server Manager also makes it easy to view and modify NDS access 


rights, including inherited rights, and change other properties. 


Server Manager’s integrated file manager provides the fastest way to 
manage NetWare volumes, directories and files, including changing 
rights and attributes, copying files, loading NLMs, and more. With 
Server Manager’s detailed reporting, administrators can see who is 
consuming network bandwidth or track any statistic counter. With 


the Client/Server version, Server Manager also offers expanded 
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server monitoring and improved remote management over slow 
links (WAN, modems) so administrators can efficiently manage 


their servers across the intranet or Internet. 


ROUND 4 CUSTCM SOLUTIONS WINNER 
Paul Wilkinson 

Com Tech Communications Pty. Ltd. 

Directory Enabled Doors (DED) 


Knock knock? Com Tech knows who’s at the door. Their secure 
Directory Enabled Doors (DED) solution allows physical access 
to corporate facilities with the same ease personnel are granted 
access to network resources such as files, applications, and 
printers. Prior to the solution, each of Com Tech’s locations in 
Australia used a different physical access control system. 
Granting and removing access for staff was time consuming and 
error-prone. After looking at the available hardware and related 
software, Com Tech’s choice to use NDS in developing a 
manageable physical access solution was easy: The company 
already has a fully deployed NDS network providing 


enterprise-wide network access control. 


DED controls physical access based upon user rights to “Door” 
objects added to the NDS schema. By assigning rights to doors at 
an OU or container level, Com Tech has now largely automated 
the processing of granting and managing physical access rights. 
So when a user is created in the MIS container, they inherit rights 
to the computer room doors from the MIS OU. If a user 
subsequently changes roles or locations, they are moved in NDS 
and their physical access rights are updated automatically. NDS 
also helps Com Tech ensure when a user leaves the company that 


both physical and network access are removed at the same time. 


ENABLE YOUR BUSINESS WITH 
DIRECTORY-POWERED SOLUTIONS 


Novell and its partners are delivering a valuable new class of 
intelligent, Internet-ready applications. Novell’s leading 
directory-based products and standards-based development 
environment are enabling developers to deliver Java, C/C++ and 
scripting solutions that enhance and extend existing IT 
investments—and all while offering the anytime, anywhere access 
required in today’s non-stop Internet world. Todays leading 
developers (and over 81 million Novell customers) agree: more than 


ever, the network and the Internet directory leader is Novell. 


For more information about all of the winning solutions featured in 
the Novell Developers’ Contest, and about DeveloperNet, Novell’s 
premier program for developers, please visit 


http://developer.novell.com. 
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Clemson University Best Overall Custom Solution 
OmniBond Systems Best Network Solutions & Collaborative 


Protocom Development 
Systems 


Secure Trustee Best Network Manageability 


E-Business Solutions Best Intranet/Internet Services 


Best Application Development & Deployment 
Bulletproof JDesignerPro 


(co-winner) 
Metrowerks CodeWarrior for NetWare 


HiTecSoft Patchlink Custom Category) Best Intranet/Internet Services 
Jarek Gawor LDAP Browser/Editor Best Student Application 
Jeremy Bishop CourseShare 1.0 Best Student Application, 1st Runner Up 


Best Application Development & Deployment 
(co-winner} 
( 


AdRem Software Best Commercial Application 
Comm Tech Technologies Directory-enabled Doors Best Custom Solution 


Metastorm Best Commercial Application 


Clemson University Collaborative Learning Environment | Best Custom Solution 


Lexmark International Lexmark NDPS Gateway 
| 


Protocom Development 
Finalist 


Systems 


Securelrustee 
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Protocom Development 
Systems ProSchedule Finalist 


Clemson University Authentication Server 
PlusFactor PlusFactor Office Pack 
Digital Integration i-Mail 


t Also selected round one Best Custom Solution winner. Original Clemson University submission for OmniBond Systems, LLC. 


For more information about these award-winning solutions, please visit http://developer.novell.conv/contest. 
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DeveloperNet Features at a Glance 


eateries fd 
Cera CC 
Eee nan 


Novell Developer Kit Support incidents 
Novell Yes, Tested and Approved logo available 


Optional offerings: 


Additional AppNotes subscriptions 
Domestic US$89/yr, International US$129/yr 


Additional Developer Notes subscriptions 
Domestic US$89/yr, International US$129/yr 


Novell Support Connection CD subscription 
Domestic US$295/yr, International US$395/yr (Single User License) 
Domestic US$595/yr, International US$695/yr (Site License) 


(For the complete list of DeveloperNet program 
benefits and subscriber options, visit 


http://developer.novell.com/brochure.) 


All prices stated in U.S. dollars only, and unless otherwise noted are based on a yearly fee 
These prices do not include any applicable taxes, VAT or import fees 


Note: Novell reserves the right to change DeveloperNet features as noted on this document 
Features may vary in some countries 
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Contacting DeveloperNet: 


GLOBAL DEVELOPERNET 
SUBSCRIPTION FULFILLMENT CENTERS 


Americas Region 


Toll Free: 1-800-REDWORD (1-800-733-9673) or 
Phone: 1-801-861-5281 


Fax: 1-512-310-9105 

E-mail: devprog@novell.com 

Www: http://developer.novell.com 

Post: P.O. Box 142027, Austin, Texas 78714, USA 


Asia Pacific Region 
Phone: (61) 2-9925-3815 


Fax: (61) 2-9684-6411 
E-mail: devnet @itdirect.com.au 
Post: P.O. Box 36, Rydalmere NSW 2116, Australia 


Europe, Middle East, Africa Region 
Phone: (31)55-538-4279 


Fax: (31)55-543-4455 

E-mail: FFP_NOV@modusmedia.com 

Post: Fulfill Plus/Novell, P.O. Box 830, 7301 BB 
Apeldoorn, The Netherlands 

Japan 

Phone: (81)3-5481-1618 

Fax: (81)3-5481-2779 

China 

Phone: (86) 10-6856-8351 

Fax: (86) 10-6856-8615 

India 

Phone: (91) 22-834-2244 

Fax: (91) 22-834-2223 

Taiwan 

Phone: (886) 2-2570-5705 

Fax: (886) 2-2578-7516 


GLOBAL DEVELOPERNET 
LABS SUPPORT CENTERS 


Americas Region 

Toll Free: 1-800-REDWORD (1-800-733-9673) or 
Phone: 1-801-861-5281 

Fax: 1-801-861-2990 

E-mail: devsup@novell.com 

WWW: http://devsup.novell.com 


Europe, Middle East, Africa Region 


Fax: (49) 211-5632-772 
E-mail: devsup_emea@novell.com 
BBS: (49) 211-56320-567 


WWW: http://devsup.novell.com/engsup/ 


Asia Pacific Region 

Phone: (61) 2-9925-3133 

Fax: (61) 2-9922-2040 

E-mail: devsup@novell.com 

www: http://devsup.novell.com/engsup/ 


For the latest and most up-to-date contact 


information, visit: 
http://developer.novell.com/contact 


Novell. 


DeveloperNet 


Noveii, inc. 

Research Order Desk 

Atin: Novell Program Administration 
1601 Park Avenue West 

Denver, CO 80216-5199 

USA 


Tel. (303) 297-2725 (International) 
Tel. (800) 377-4136 (In United States) 


Novell 


Novell, Inc. 

1601 Park Avenue West 
Denver, CO 80216-5199 
USA 


Change Service Requested 


464-000057-010 
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